
Management

Subclass of:

726 - Information security
  726002000 - ACCESS CONTROL OR AUTHENTICATION
    726003000 - Network
      726005000 - Credential

Entries (document number | title | publication date, followed by the abstract):

20080282331 | User Provisioning With Multi-Factor Authentication | 11-13-2008
A method and system for authenticating a user in a network includes a network software client of a computing device requesting network software services from a service gateway. A call between a user phone and an IVR phone login system is initiated in response to the user phone and the computing device being within a coverage area of the service gateway. A location of a user uniquely assigned to the computing device is identified within the coverage area. A first information received in the network software services from the computing device is correlated with a second information received from the IVR phone login system. When the first and second information match, access by the computing device to services of the service gateway is allowed.

20110185408 | SECURITY BASED ON NETWORK ENVIRONMENT | 07-28-2011
A method comprises assessing a network environment in which an electronic device is present and implementing a security feature based on the assessment of the network environment. Assessing the network environment comprises identifying other network entities on a network to which the electronic device is coupled.

20120266220 | System and Method for Controlling Access to a Third-Party Application with Passwords Stored in a Secure Element | 10-18-2012
A system for controlling access to an application on a portable communication device having a secured element and a user interface comprises memory associated with the secure element; a card management module operably associated with the portable communication device and with the secure element capable of controlling the secured element to facilitate writing to and reading from the memory; and a password management module operably associated with the card management module, the portable communication device user interface, and the application, the password management module receiving an application identifier associated with the application, a user name, and a password from the user interface, and providing an access command to the application based on whether the received user name and password match information stored in the memory.

20120174200 | DIGITAL IDENTITY MANAGEMENT | 07-05-2012
One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

20110191837 | AUTHENTICATING A DEVICE AND A USER | 08-04-2011
A method of authenticating a device and a user comprises receiving a user input, generating a first key from the user input, performing a physical measurement of the device, obtaining helper data for the device, computing a second key from the physical measurement and the helper data, and performing an operation using the first and second keys. In a preferred embodiment, the method comprises performing a defined function on the first and second keys to obtain a third key. Additionally, security can be provided by the step of receiving a user input comprising performing a biometric measurement of the user, and the step of generating a first key from the user input comprises obtaining helper data for the user and computing the first key from the biometric measurement and the user helper data.

20110191835 | METHOD AND APPARATUS FOR IDENTITY REUSE FOR COMMUNICATIONS DEVICES | 08-04-2011
An apparatus and method for identity reuse operable in a communications system, the method comprising selecting an identity value for a device; registering the device onto a network with the selected identity value; determining if the registration of the device is successful; and establishing a communication session for the device and deregistering the selected identity value upon termination of the communication session if the registration is successful, or determining whether to try a different identity value if the registration is not successful. In one aspect, the apparatus and method further comprise waiting a predetermined time period before either re-registering with the selected identity value or registering with the different identity value.

20090193506 | CRYPTOGRAPHIC PEER DISCOVERY, AUTHENTICATION, AND AUTHORIZATION FOR ON-PATH SIGNALING | 07-30-2009
A method is disclosed for cryptographic peer discovery, authentication, and authorization. According to one embodiment, a data packet, which is addressed to a destination device other than an intermediary network device, is intercepted at the intermediary network device. The data packet contains a request and a group identifier. A shared secret cryptographic key, which is mapped to the group identifier, is selected. A challenge is sent toward an upstream device from whence the data packet came. A response is received. A verification value is generated based on the cryptographic key and the challenge. It is determined whether the response matches the verification value. If the response matches the verification value, then it is determined whether the request is allowed by an authorization set that is mapped to the group identifier. If the request is allowed, then a policy of the intermediary network device is configured based on the request.

20090193505 | Issuing Secure Certificate Using Domain Zone Control Validation | 07-30-2009
A requestor requests a secure certificate for a domain name from a validating entity, such as a certification authority. To verify that the requestor has control over the domain name, the validating entity generates a pass string. The requestor enters the pass string into a domain zone. The validating entity determines if the pass string was entered in the domain zone. If the pass string is present in the domain zone, the validating entity may issue the secure certificate. If the pass string is not in the domain zone, the validating entity may deny issuing the secure certificate to the requestor.

20130086656 | Method and Apparatus for Protecting a Single Sign-on Domain from Credential Leakage | 04-04-2013
Disclosed is a method for protecting a single sign-on domain from credential leakage. In the method, an authentication server provides an authentication cookie to a browser client. The cookie has at least one user authentication credential for the domain, and is associated with an authentication subdomain of the domain. The server receives the cookie from the browser client. Upon authentication of the user authentication credential in the received cookie, the server responds to the access request by forwarding, to the browser client, a limited-use cookie for the domain. The server receives a request from the content server to validate a session identifier of the limited-use cookie received from the browser client. Upon validation of the session identifier of the limited-use cookie, the server provides a valid session message to the content server for enabling the content server to forward requested content to the browser client.

20130086659 | DATA PROCESSING APPARATUS, ACTIVATION CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM | 04-04-2013
According to one embodiment, a storage stores secret data, first identification data, and a first random key. A generation module generates first authentication data from the secret data, first identification data, and second identification data of a removable medium. A first verification module determines whether the first authentication data and second authentication in the removable medium are identical. A second verification module determines whether the first random key and a second random key in the removable medium are identical, if the first and second authentication data are identical. An activation module activates the data processing apparatus if the first and second random keys are identical.

20130086657 | RELYING PARTY PLATFORM | 04-04-2013
A framework is provided for integrating Internet identities in enterprise identity and access management (IAM) infrastructures. A framework is provided for open authorization. A framework is also provided for relying party functionality.

20130081118 | METHOD, SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR ESTABLISHING A LOGIN SESSION | 03-28-2013
A method, system, and computer-readable storage medium are provided. Embodiments of the invention include receiving notification of a log-in event associated with a first login session wherein a user is authorized to access a resource of a computing system based on a credential. During the first login session and in response to determining the credential is valid, a second login session is established by granting the user access to a resource of an application associated with the computing system. During the first login session and in response to receiving information indicating an event has occurred, the second login session is terminated such that the user does not have access to the resource of the application. And during the first login session and in response to determining again that the credential is valid, a third login session is established by granting the user access to a resource of the application.

20130086660 | SYSTEM FOR PREVENTING ILLEGAL COPY OF SOFTWARE AND METHOD FOR PREVENTING ILLEGAL COPY OF SOFTWARE | 04-04-2013
Disclosed herein are a system for preventing an illegal copy of software and a method for preventing an illegal copy of software. The system for preventing an illegal copy of software includes: a terminal where software to be authenticated is installed and executed; a first Zigbee device connected with the terminal in a wired method and storing a plurality of unique passwords; and a second Zigbee device connected with the first Zigbee device in a wireless method and storing at least all the unique passwords of the first Zigbee device. Utilization is improved as compared with a known hardware lock type, an illegal copy possibility by hooking is excluded, and since an authentication process is performed through encoded communication by using random variables, the illegal copy of software can be thoroughly stopped.

20130086658 | PRIVILEGED ACCOUNT MANAGER, ACCESS MANAGEMENT | 04-04-2013
Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example, a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.

20130086655 | PASSWORD CHANGING | 04-04-2013
In one example, a computing device generates a new password for accessing a user account and/or computing system and inspires a change of an existing password for the user account and/or computing system to the new password. Thereafter, the computing device detects occurrence of a condition to trigger another change of the password for the user account and/or computing system and, responsively, inspires another change of the password for the user account and/or computing system.

20130036458 | METHODS AND SYSTEMS FOR IDENTITY VERIFICATION | 02-07-2013
The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.

20130036459 | METHODS AND SYSTEMS FOR IDENTITY VERIFICATION | 02-07-2013
The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.

20090019534 | System, method and computer program product for providing unified authentication services for online applications | 01-15-2009
A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.

20090165101 | Domain Membership Rights Object | 06-25-2009
A method of providing permissions to consume content objects within a domain includes creating a domain and a domain membership rights object for each member. The domain facilitates the sharing of content objects amongst the members of the domain. The domain membership rights objects for each member include permissions for each member in the domain to consume content objects in the domain.

20100043063 | SYSTEM, METHOD AND PROGRAM FOR OFF-LINE USER AUTHENTICATION | 02-18-2010
Disclosed is an off-line user authentication system, which is designed to present a presentation pattern to a user subject to authentication, and apply a one-time-password derivation rule serving as a password to certain pattern elements included in the presentation pattern at specific positions so as to create a one-time password. An off-line authentication client pre-stores a plurality of pattern element sequences each adapted to form a presentation pattern, and a plurality of verification codes created by applying a one-time-password derivation rule to the respective presentation patterns and subjecting the obtained results to a one-way function algorithm. A presentation pattern is created using one selected from the stored pattern element sequences, and presented to a user. A one-time password entered from the user is verified based on a corresponding verification code to perform user authentication. The present invention provides an off-line matrix authentication scheme with enhanced security.

20100043062 | Methods and Systems for Management of Image-Based Password Accounts | 02-18-2010
The invention provides methods and systems for management of image-based password accounts. A password management account may be accessed by a user undergoing image-based authentication. The invention may allow a user to manage parameters relating to image-based authentication. The invention may also allow a user to manage authentication at one or more web sites.

20090158409 | REMOTE CONFIGURATION, PROVISIONING AND/OR UPDATING IN A LAYER TWO AUTHENTICATION NETWORK | 06-18-2009
A device capable of remote configuration, provisioning and/or updating comprising a network detector capable of detecting a network regardless of the state of the operating system on the device, wherein the network requires layer two authentication, and an Embedded Trust Agent capable of generating an authentication credential for layer two authentication and communicating the authentication credential via a layer two authentication protocol without a functioning operating system.

20090158408 | METHODS, SYSTEMS, AND COMPUTER PRODUCTS FOR PROVIDING AND ACCESSING MEDIA | 06-18-2009
Methods, systems, and computer products for providing media over an Internet Protocol (IP) based network. The methods, systems, and computer products include receiving a handle and/or password input by a user, associating the handle and/or password to a channel inaccessible by the public, mapping the handle and/or password input by the user to the inaccessible channel, and providing the inaccessible channel to the user.

20090158407 | API TRANSLATION FOR NETWORK ACCESS CONTROL (NAC) AGENT | 06-18-2009
An application programming interface (API) translation agent and method for converting a message from one application configured according to a first API to a message configured according to a second API so that the first application, which is configured to communicate only in accordance with the first API, can communicate with a second application, which is configured to communicate only in accordance with the second API. The first and second applications can include a security application and a network access control (NAC) agent installed on an end point computing device, and the API translation agent can be used by the NAC agent to obtain information regarding a security status of the end point computing device, the information being used to determine whether the end point computing device is in compliance with the security policies of a network.

20100107230 | SYSTEM, METHOD AND APPARATUS FOR AUTHENTICATING AND PROTECTING AN IP USER-END DEVICE | 04-29-2010
A system, method and apparatus authenticates and protects an Internet Protocol (IP) user-end device by providing a client-based security software resident on the IP user-end device, authenticating the IP user-end device using the client-based security software and a network security node communicably coupled to the IP user-end device, authenticating a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, and protecting the IP user-end device by: (a) screening incoming IP traffic to the IP user-end device using the client-based security software, and (b) detecting an attack or a threat involving the IP user-end device using the network security node.

20100107229 | Method and Apparatus for Mobile Time-Based UI for VIP | 04-29-2010
A method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication are described. The computer-implemented method comprises detecting launch of a security code generation application on a wireless communications device, generating a first unique security code upon launching the application, displaying the first security code on the wireless communications device, determining based on time whether to generate a new unique security code, and displaying the new unique security code.

20090119760 | METHOD FOR RECONFIGURING SECURITY MECHANISM OF A WIRELESS NETWORK AND THE MOBILE NODE AND NETWORK NODE THEREOF | 05-07-2009
A method for reconfiguring the security mechanism of a wireless network system includes steps of: sending a packet from a network node to a mobile node; sending a negotiation packet from the mobile node to the network node according to a selected authentication protocol; the mobile node and the network node proceeding with the authentication process if the received negotiation packet is valid; and the mobile node and the network node generating a security association after the authentication process is completed.

20100095359 | Systems and Methods for Identifying a Network | 04-15-2010
Exemplary systems and methods for identifying a wireless network are provided. In exemplary embodiments, a method includes at least a digital device receiving network information associated with a network, generating an access identifier based on the network information, generating a credential request including the access identifier, providing the credential request to a credential server, receiving a credential request response from the credential server, the credential request response comprising network credentials to access the network, and providing the network credentials to a network device to access the network.

20120167186 | METHOD FOR PRODUCING A SOFT TOKEN | 06-28-2012
The invention relates to a method for reading the at least one attribute stored in an ID token (

20130047226 | Method And Apparatus For Token-Based Re-Authentication | 02-21-2013
According to one embodiment, an apparatus may store a plurality of tokens that indicate a user is using a device to access a resource over a network. The apparatus may detect at least one token indicating a change associated with at least one of the device, the network, or the resource. The apparatus may then determine to re-authenticate the user in response to the change. The apparatus may then request a password generated using personal information of the user, and receive a re-authentication token comprising the password generated using personal information of the user. The apparatus may then request, from the user, a second password. The request for the second password may include instructions on how to form the second password. The apparatus may receive a response comprising the second password and determine that the second password matches the password. The apparatus may then re-authenticate the user.

20130047224 | METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE ABSTRACTION | 02-21-2013
According to one embodiment, an apparatus may store a plurality of tokens associated with a session. The session may facilitate access to a resource by a user. The session may be identified by a session token. The apparatus may determine, based on a token-based rule, a second plurality of tokens required to facilitate determination of a risk token. The risk token may be used to facilitate determination of an access decision to the resource. The apparatus may determine that the plurality of tokens comprises the second plurality of tokens and generate a dataset token that represents the plurality of tokens. The apparatus may then communicate the dataset token to facilitate the generation of the risk token. The apparatus may receive the risk token and correlate it with the session token to facilitate determination of the access decision.

20130047225 | Method and Apparatus for Token-Based Tamper Detection | 02-21-2013
According to one embodiment, an apparatus may store: a hard token representing identification information of the device, a network token representing the status of a network, and a resource token representing information associated with a resource. The apparatus may further store secured copies of the hard token, network token, and resource token. The apparatus may receive a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered, and in response, determine to inspect at least one of the hard token, network token, and resource token. The apparatus may then compare the at least one of the hard token, network token, and resource token with its corresponding secured copy. If at least one of those tokens does not match its corresponding secured copy, the apparatus may communicate a revalidation token indicating at least one token has been tampered.

20100071040 | SECURE SERVER CERTIFICATE TRUST LIST UPDATE FOR CLIENT DEVICES | 03-18-2010
A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device

20090328167 | NETWORK ACCESS METHOD AND SYSTEM | 12-31-2009
A method for controlling access to a communication network such as a Wi-Fi network includes a user device (

20120192255 | METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT | 07-26-2012
To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.

20130074167 | Authenticating Linked Accounts | 03-21-2013
Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.

20130074166 | SYSTEMS AND METHODS FOR SECURE AND EFFICIENT ENROLLMENT INTO A FEDERATION WHICH UTILIZES A BIOMETRIC REPOSITORY | 03-21-2013
A method includes receiving data related to an individual, the data comprising a plurality of elements of personally-identifying information (PII). The method further includes building, via the plurality of elements of the PII, a compositional key for the individual. In addition, the method includes storing the compositional key and a biometric print for the individual as a biometric record in a biometric repository. The method also includes, via the compositional key, providing a plurality of federated entity (FE) computer systems with access to the biometric repository.

20130061299 | DISTRIBUTED COMPUTER SYSTEMS WITH TIME-DEPENDENT CREDENTIALS | 03-07-2013
A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.

20130061303 | Authentication System and Method in a Contactless Environment | 03-07-2013
A method of providing continuous authentication in a contactless environment is provided. The method includes providing a reader having a contactless interface, as well as a device, operable to communicate with the reader. The method further includes the steps of receiving at the reader a first authentication request from the device, and communicating from the reader a second authentication request to a secure transaction service. The secure transaction service holds authentication credentials relating to the device. Authentication credentials relating to the device are received at the reader from the secure transaction service, and the reader provides continuous authentication based at least in part on the authentication credentials received from the secure transaction service.

20130061300 | DISTRIBUTED COMPUTER SYSTEMS WITH TIME-DEPENDENT CREDENTIALS | 03-07-2013
A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.

20130061298 | AUTHENTICATING SESSION PASSWORDS | 03-07-2013
A method for authenticating a password is provided. An authentication server device receives a plurality of password segments associated with a password from a client device over a plurality of communication channels. The authentication server device reconstructs the password from the plurality of password segments based on a particular set of parameters identified by a selected session key identification number. The authentication server device sends the reconstructed password to a target device for comparison with a stored password associated with the client device. If the stored password matches the reconstructed password, then the target device establishes a session with the client device so that the client device may access a resource located on the target device. In addition, the authentication server device closes the plurality of communication channels established with the client device in response to the authentication server receiving a notification that the reconstructed password matches the stored password.

20130061302 | Method and Apparatus for the Protection of Computer System Account Credentials | 03-07-2013
There are described methods, systems and software for creating, managing and using authentication credentials. The invention maintains for each user two authentication credentials—external and internal authentication credentials that share the same number of authentication factors of the same type. These are stored in a data store [

20130061301 | DISTRIBUTED COMPUTER SYSTEMS WITH TIME-DEPENDENT CREDENTIALS | 03-07-2013
A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.

20090300743METHODS AND SYSTEMS FOR USER AUTHENTICATION - Methods and systems for user authentication are provided according to the embodiments of the invention. The method mainly includes: sending, by a management station, an authentication request message of an authentication protocol to a managed device via a management protocol, and sending user authentication information to the managed device; and authenticating the user by the managed device via the authentication protocol or an authentication server based on the received user authentication information, and returning an authentication acknowledgement message of the authentication protocol carrying the authentication result to the management station via the management protocol. The system mainly includes a management station and a managed device; or, a management station, a managed device and a backend authentication server. With the present invention, methods and systems for user authentication with good extensibility and a widened application are provided.12-03-2009
20090271853SYSTEMS AND METHODS FOR TIME VARIABLE FINANCIAL AUTHENTICATION - The systems and methods of the invention provide a technique for authenticating a finance related transaction. The method may include providing a token which contains a token counter, the token counter periodically advancing to generate a changing token value, the token counter being synchronized to a base counter that generates an authenticating value; transforming the token value into a token output sequence using logic; and outputting at least part of the token output sequence to an authenticating authority, the authenticating authority having access to the authenticating value. Further, the method includes the authenticating authority verifying the validity of the transaction based on the token output sequence and the authenticating value, from which the authenticating authority obtains a verification sequence using the logic, wherein verifying the validity includes the authenticating authority comparing the token output sequence to the verification sequence to determine if there is a match between the token output sequence and the verification sequence.10-29-2009
20090271851System and Method for Installing Authentication Credentials on a Remote Network Device - A method for installing authentication credentials on a remote network device. A remote network device without valid authentication credentials may be connected to a port of an authenticating network switch, and the authentication protocols of the port may be enabled. A Network Access Control (NAC) credential service validates the remote network device by comparing a received remote device identifier against a previously stored remote device identifier. The received remote device identifier may be received from the remote network device using a network when the remote network device attempts to access a private network. The NAC credential service disables the authentication protocols of the port in response to validating the received remote device identifier. The NAC credential service installs authentication credentials on the remote network device using encrypted data, so an untrusted entity cannot view the authentication credentials.10-29-2009
20090271850System and Method for installing Authentication Credentials On a Network Device - A method for installing authentication credentials on a network device. An intermediary computing device (e.g., client computer) downloads an application for installing the authentication credentials from a secure website. The application on the intermediary computing device requests authentication credentials from a Network Access Control (NAC) credential service. The application passes the authentication credentials received from the NAC credential service through the intermediary computing device to an endpoint (e.g., video conferencing device). The application installs the authentication credentials on the endpoint.10-29-2009
20090271849CONTENT TRANSFER SYSTEM AND METHOD, AND HOME SERVER - When an authentication request is made, processing for the authentication request is executed based on information about a first device even if account information set for a first storage system does not exist.10-29-2009
20090271848METHOD AND SYSTEM FOR COORDINATING DATA SHARING IN A NETWORK WITH AT LEAST ONE PHYSICAL DISPLAY DEVICE - An apparatus for coordinating data sharing in a computer network with at least one physical display device is provided. The apparatus includes a code generator generating at least one unique temporary session connection code (SCC), and a storage device storing associations between each of the at least one SCC and one or more of the at least one physical display device. An interface receives requests from one or more source computers to establish communications sessions for sharing data, and a processor in response to a request establishes a communications session between the requesting source computer and at least one physical display device only in the event that at least one condition is met. The at least one condition includes that a valid SCC is received with the request. The establishing is based on the received SCC. Related methods and computer programs are disclosed.10-29-2009
20090271847Methods, Apparatuses, and Computer Program Products for Providing a Single Service Sign-On - An apparatus may include a processor configured to receive a request for an access token from a remote entity, wherein the request includes an indication of a requested service. The processor may be further configured to determine a request type, wherein the request type may be a user identification and password combination, a request token exchange, or an access token exchange. The processor may be additionally configured to extract one or more parameters included in the request based upon the determined request type and to perform one or more security checks based at least in part upon the one or more extracted parameters. The processor may be further configured to create an access token based at least in part upon the results of the one or more security checks and to provide the access token to the remote entity.10-29-2009
20130185781METHOD AND DEVICE FOR REALIZING REMOTE LOGIN - The present disclosure provides a method and a device for realizing remote login. The method includes: a terminal server responding to a login request to an internal system from an end user, and recording and saving login information of the end user for logging in to the internal system; and the terminal server judging and analyzing the way the end user logs in to the internal system according to the login information and pre-configured rule, and allowing the end user to log in to and access the internal system if the analyzed result matches the pre-configured rule. The method and device allows for implementations of the SSO authentication and user bind authentication on the aspect of the data flow in the terminal server, simplifies the process of logging in to and accessing the internal system, and improves the information security of the system.07-18-2013
20130185779SYSTEM AND METHOD FOR TWO-FACTOR USER AUTHENTICATION - Provided is a two-factor user authentication system with a reduced risk of leakage of authentication information.07-18-2013
20090055911METHOD FOR COMPUTING THE ENTROPIC VALUE OF A DYNAMICAL MEMORY SYSTEM - Methods, devices, and systems are provided for optimizing the dissemination of information in various types of systems such as an access control system. More specifically, there are provided various mechanisms to increase the efficiency with which system updates and other types of information are spread throughout an access control system having at least one non-networked reader.02-26-2009
20090055910SYSTEM AND METHODS FOR WEAK AUTHENTICATION DATA REINFORCEMENT - This document discusses, among other things, a system and methods for weak authentication data reinforcement. In an example embodiment, authentication data is received in a request to authenticate a user. In response to the authentication data being detected to be weak authentication data, it may be determined whether the request to authenticate is associated with a human user. An example embodiment may include initiating an authentication process based on determining that the request to authenticate is associated with the human user.02-26-2009
20130067545Website Security - A system and method for employing fingerprints for user authentication on a website is described. Embodiments of the invention employ a fingerprint scanner integrated into a USB device to scan a current user's fingerprint, and compare it against a stored fingerprint associated with the authorized user. If the current user is determined to be the authorized user, a user name and password associated with a requested website and stored on the USB device is entered onto the website. In one embodiment, the USB device is a password bank that both generates and stores passwords for various websites, removing the need for user memorization altogether.03-14-2013
20120272304CRAWLING SECURE DATA SOURCES - It is desirable to provide a secure search mechanism to provide for searching over any and all content, such as across an enterprise. A secure search, however, requires access to the secure content repositories holding the data to be searched. In some cases the credentials required to crawl a repository may be extremely sensitive, or the user may be reluctant or unwilling to store user identification information in memory or on disk for any longer than is absolutely necessary. An approach is provided that allows a user or an administrator to provide security credentials to be stored and used only during a crawl, and to erase the credentials from the system when the crawl is complete.10-25-2012
20090013391Identification System and Method - A system and a method are disclosed for securely identifying human and non-human actors. A computer implemented system and a method are also disclosed for securely identifying human and non-human actors.01-08-2009
20090007246SECURITY BASED NETWORK ACCESS SELECTION - A method and wireless device select a set of secure network connections (01-01-2009
20130167209SYSTEM AND METHOD FOR ACCESSING A SOFTWARE APPLICATION - Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.06-27-2013
20130167210METHOD OF ASSIGNING A USER KEY IN A CONVERGENCE NETWORK - Discussed is a method of operating a CPNS (converged personal network service) gateway apparatus. The method includes transmitting a registration request message including user information to a server; transmitting an installation request message including the user information to a terminal; generating first authentication data on the basis of authentication information received by a user input; transmitting a trigger message including the first authentication data to the terminal; receiving a key assignment request message including second authentication data from the terminal in response to the trigger message; transmitting the received key assignment request message to the server; receiving a key assignment response message including a user key for the terminal in response to the key assignment request message; and transmitting the received key assignment response message to the terminal.06-27-2013
20080295159Method and System for the Authentication of a User of a Data Processing System11-27-2008
20110041167TECHNIQUES FOR PROVIDING SECURE COMMUNICATIONS AMONG CLIENTS WITH EFFICIENT CREDENTIALS MANAGEMENT - A method, server and client for protecting communications among a plurality of clients, for use in a networked communication system comprising a server and the plurality of clients, the plurality of clients comprising at least a first client and a second client, are provided. The method includes communicating, from the first client to the server, a request for a credential token for a communication between the first client and the second client, selecting, by the server, the credential token for the communication between the first client and the second client, communicating, from the server to each of the first client and the second client, the selected credential token, and communicating, between the first client and the second client using security algorithms and information contained in the credential token received from the server.02-17-2011
20120102554METHODS AND SYSTEMS FOR ESTABLISHING SECURE AUTHENTICATED BIDIRECTIONAL SERVER COMMUNICATION USING AUTOMATED CREDENTIAL RESERVATION - A method of authenticating communications includes receiving, by a computer, a first set of credentials, verifying the first set of credentials by comparing the first set of credentials to a plurality of sets of credentials stored in a database, subsequent to verifying the first set of credentials, deriving a second set of credentials, and transmitting notification of the second set of credentials to a remote computer.04-26-2012
20100138903Ticket-Based Implementation of Content Leasing - The present invention is a method and system for accessing digital content stored on a computing device. An agreement between a subscriber and a content provider allows the subscriber to lease the digital content from the content provider, and download the digital content from a content server operated by the content provider. The method retrieves a service ticket for the computing device, and retrieves content rights for the digital content. The service ticket includes authorization data, and a session key, where the authorization data include authorized subscription services for the computing device. The content rights include required subscription services for the digital content and are delivered authenticated with the session key. The method allows access to the digital content when the authorized subscription services included with the authorization data match the required subscription services included with the content rights.06-03-2010
20110179475METHOD FOR PROVIDING ACCESS TO A SERVICE - A system is described comprising a service provider and an identity provider. A user requests access to the service provider and the service provider seeks user credentials from the identity provider. In use, the service provider issues an authentication request, which request specifies details of a plurality of acceptable authentication formats. The identity provider responds to the request either by providing authentication details for said user in one of the formats specified in the request, or by returning an error message indicating that it cannot support any of the specified authentication formats.07-21-2011
20090183244AUTOMATION TOOL FOR PROVIDING USERS WITH SECURITY ACCESS TO AN ELECTRONIC SYSTEM - A method for providing multiple users with security access to an electronic system is provided. The method comprising: providing a plurality of parent security roles, wherein each parent security role includes a plurality of transactions authorized to be performed in the electronic system, providing a plurality of child security roles, wherein each child security role is derived from one of the plurality of parent security roles, setting up the multiple users in the electronic system and their associated user passwords, assigning one of the plurality of child security roles to each of the multiple users to provide the multiple users with security access to the electronic system at once, and providing each of the multiple users with security access to the electronic system, via the associated user password, in accordance with the child security role assigned to the user.07-16-2009
20090077643VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (TSS-MNO) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to a user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service.03-19-2009
20110302640CYBER GENE IDENTIFICATION TECHNOLOGY BASED ON ENTITY FEATURES IN CYBER SPACE - A new identification (ID) technology comprising unified and standardized object identification within Cyber Space is disclosed based upon intrinsic properties of the entity to be identified. This Cyber Gene ID (or Cyber ID) technology extracts intrinsic information from either the physical users or their cyberspace counterparts, and such information is categorized into client parameters, dynamic parameters, static parameters, cloud parameters, connection parameters and user parameters.12-08-2011
20110302639SERVER APPARATUS, AND CONTROL METHOD AND COMPUTER-READABLE STORAGE MEDIUM THEREFOR - A server apparatus capable of preventing unauthorized use of services by a third party through an electronic appliance that stores information used for user authentication by the server apparatus. The server apparatus receives, from an information processing apparatus, pieces of user identification information, pieces of appliance identification information, and pieces of use permission/prohibition information representing on a per service type basis whether uses of services are permitted or prohibited, and stores them so as to be associated with one another. When determining based on use permission/prohibition information, which is associated with a combination of user identification information and appliance identification information that are accepted from an electronic appliance, that use of a service represented by service type information accepted from the electronic appliance is permitted, the server apparatus transmits screen information for use of the service to the electronic appliance.12-08-2011
20110302638Staged Control Release In Boot Process - Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.12-08-2011
20090187980METHOD OF AUTHENTICATING, AUTHORIZING, ENCRYPTING AND DECRYPTING VIA MOBILE SERVICE - The present invention provides a method of authenticating, authorizing, encrypting and decrypting an application by utilizing a mobile secure server as the platform that can allow the subscriber to authenticate, authorize, encrypt or decrypt a document or an application through the mobile secure server. The account user can register and activate the service to have a secure banking transaction, such as online payment. A request message is submitted via an electronic device to an application server, which performs specific operations in accordance with the instruction of the request message, and sends the request message to the mobile secure server, wherein the mobile secure server will forward the request message to the account mobile telecommunication device that hosts the digital ID and certificates to be used to authenticate, authorize, encrypt or decrypt the request message and then sends back a reply message to the electronic device via the account mobile telecommunication device, application server and mobile secure server.07-23-2009
20110289569METHOD AND SYSTEM FOR IMPLEMENTING AND MANAGING AN ENTERPRISE IDENTITY MANAGEMENT FOR DISTRIBUTED SECURITY - An Enterprise Identity Management system includes a registration component, an ownership component, and an audit component. The registration component is configured to associate a user ID with specific accounts that are accessible via a computer system. The ownership component is configured to verify the ownership of the accounts. The audit component is configured to perform periodic checks to ensure the validity of the association between the user ID and the ownership of the accounts.11-24-2011
20110289566ENTITY REGISTRATION IN MULTIPLE DISPERSED STORAGE NETWORKS - A method begins by a processing module outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN. The method continues with the processing module receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID. The method continues with the processing module generating a global public-private key pair and a local public-private key pair and generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair. The method continues with the processing module generating a local CSR based on the local UUID and a private key of the local public-private key pair, sending the global and local CSRs to a certificate authority (CA), and receiving a signed global certificate and a signed local certificate.11-24-2011
20110289567SERVICE ACCESS CONTROL - A USB memory stick, or similar device, is provided having software installed thereon to enable a user to access restricted applications without a user device needing to handle user credential data. In use, the stick receives a request from the user device for access to an application, obtains first user identification information from the user device, uses the first user identification information and the application information to obtain user credentials from an identity management system, which user credentials are required by the application in order to grant the user access to the application, and provides the user credentials to the application without the user credentials needing to be provided to the user device.11-24-2011
20110296505CLOUD-BASED PERSONAL TRAIT PROFILE DATA - A system and method is disclosed for sensing, storing and using personal trait profile data. Once sensed and stored, this personal trait profile data may be used for a variety of purposes. In one example, a user's personal trait profile data may be accessed and downloaded to different computing systems with which a user may interact so that the different systems may be instantly tuned to the user's personal traits and manner of interaction. In a further example, a user's personal trait profile data may also be used for authentication purposes.12-01-2011
20110296504MULTIPLE ACCESS AUTHENTICATION - Apparatus, systems, and methods may operate to receive, at a generating identity provider (IDP), original user credentials sufficient to authenticate a user directly from a user machine, or indirectly from an initial identity provider. Additional activities may include generating, by the generating IDP, generated user credentials having the lifetime of a login session associated with the user, the lifetime initiated approximately when the original user credentials or a token associated with the user are validated at the generating IDP. Still further activities may include receiving a request associated with the user during the login session to access an application protected by an agent, and transmitting at least part of the generated user credentials from the generating IDP to the application to authenticate the user to the generating IDP while the login session is not terminated or expired. Additional apparatus, systems, and methods are disclosed.12-01-2011
20110296506METHODS AND APPARATUS FOR INTERACTIVE MULTIMEDIA COMMUNICATION - Embodiments of the invention provide a method and apparatus for establishing a synchronized interactive multimedia communication among a plurality of users. The method includes generating, at a first device, first information associated with a multimedia content selected by a first user. The first information is generated based on parameters. The method includes transmitting the first information to a second user. The first and second users are associated with a social computer network. Further, the method includes, at second devices, receiving the first information from the social network. The method includes processing the first information to establish a synchronized multimedia interactive communication between the second and the first user. The presentation of the multimedia content in the synchronized interactive multimedia communication is synchronized among the first device and the second device(s). The synchronized interactive multimedia communication is performed along with the presentation of the multimedia content.12-01-2011
20090037992Apparatus, system, and method for generating and authenticating a computer password - An apparatus, system, and method for constructing, transmitting, and authenticating a password utilized by an authentication device to authenticate an access device. The authentication device receives the password from the access device, authenticates the access device if the password matches stored information, and returns an acknowledgment message that includes an index value associated with a stored character set. The access device constructs and transmits the password. The access device receives from a user a plurality of predefined characters forming a User ID. The access device also receives the acknowledgment message and index value from the authentication device. The index value is used to identify a set of password modification factors from a plurality of sets stored in a lookup table. The access device utilizes the identified set to modify a password, and transmits the password to the authentication device.02-05-2009
20100005520PERSONAL AREA SOCIAL NETWORKING - Techniques for managing the exchange of contact information are provided. Requests to establish connections on social networks and/or exchange contact information between users are held in escrow. The level of contact information and/or social network information shared between the users is configurable on a per user basis. Users may define levels of contact information and social network information to be shared with others based on the type of contact. Spam protection may be provided by requiring that both parties consent to a connection request before connections between the users are established.01-07-2010
20100169958Method for generating and using composite scene passcodes - One disclosed embodiment for creating a composite scene passcode comprises presenting a system-generated composite scene passcode to a user, allowing the user to generate a composite-scene passcode by selecting one scene element per scene dimension, or allowing the user to enter an alphanumeric password that encodes the composite scene passcode. Certain embodiments also comprise combining the passcode with an alphanumeric password. The composite scene may be two dimensional, three dimensional, or greater than three dimensions, and/or the scene may be animated. A computer system using a composite scene passcode also is disclosed. One embodiment of the system comprises a display for displaying a composite scene passcode or plural scene dimensions for generating the composite scene passcode. Authentication may comprise using scene elements arranged categorically and requiring the user to select the correct scene element from among distracter elements within the same category. The system may also include an input device.07-01-2010
20100269162WEBSITE AUTHENTICATION - Embodiments of website authentication including receiving a request from a user to view a website within a graphical user interface (GUI); generating a one time password (OTP); storing the generated OTP in a database; displaying the generated OTP on the GUI; verifying an identity of the user by receiving an identification datum from a communication device; receiving an entered OTP from the user; comparing the entered OTP with the generated OTP; and communicating whether the website is authenticated.10-21-2010
20100269163COMPUTER ACCESS SECURITY - A method is provided for improved computer access security, the method including protecting an access record to prevent password access to a computer via the access record, creating an alternate access record corresponding to the protected record, enabling password access to the computer via the alternate record, providing the alternate record with the access level of the protected record, and configuring the alternate record to indicate a supplemental security program to be executed once a correct password for the alternate record is provided.10-21-2010
20110219438METHODS AND APPARATUS FOR SECURITY OVER FIBRE CHANNEL - Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.09-08-2011
20090271852System and Method for Distributing Enduring Credentials in an Untrusted Network Environment - A system and method for distributing enduring credentials for a secure network in an untrusted network environment is disclosed. The method includes providing temporary credentials to an untrusted user. The temporary credentials can be communicated to a computing device connected to a network switch. The network switch can relay the temporary credentials to an authentication server within the secure network. The computing device can be authenticated to verify it is authorized to be connected to the secure network. Enduring credentials can be transmitted from the secure network to the computing device in an encrypted format to enable the computing device to communicate within the secure network through the network switch without providing access to the enduring credentials to the untrusted user.10-29-2009
20090222896NETWORK SYSTEM, METHOD FOR CONTROLLING ACCESS TO STORAGE DEVICE, MANAGEMENT SERVER, STORAGE DEVICE, LOG-IN CONTROL METHOD, NETWORK BOOT SYSTEM, AND UNIT STORAGE UNIT ACCESS METHOD - A network boot system including one or more client terminals, a DHCP (Dynamic Host Configuration Protocol) server, a PXE (Preboot Execution Environment) server, a TFTP (Trivial File Transfer Protocol) server, a database administration server, one or more storage devices, and an authentication server (such as a Radius server) connected to each other via a TCP/IP (Transmission Control Protocol/Internet Protocol) network. A plurality of LUs provided in the storage devices are separated into a system area LU and a user area LU prepared per user.09-03-2009
20100005517IPTV CONTENT SHARING IN IMS NETWORK - A Content Sharing AS facilitates the sharing of IPTV content distribution sessions between users in an IMS network. A first user's request to share an ongoing IPTV session is routed to the Content Sharing AS, with a SIP URI of a second user with whom to share the content, identification of the desired content, and the Mcast address of the IPTV session. The Content Sharing AS joins the IGMP session group and sends the first user a SIP URI for the content and a unique authentication token. The first user sends the content URI and token to the second user, such as via an SMS message. The second user may then send a SIP INVITE message toward the URI, which the IMS system routes to the Content Sharing AS. The second user provides the authentication token, which the Content Sharing AS uses to authenticate the second user, and share the IPTV content.01-07-2010
20090083840INFERENCE SEARCH ENGINE SECURITY - In some aspects of the invention, a method for determining access to data stored within one or more databases is described. The method includes the aspects of receiving a user request from a user at an inference engine for access to the data, wherein the inference engine is in communication with a rules database, including one or more rules governing access rights to the data. Moreover, the method includes the aspects of creating a user credential based on the application of one or more of the rules to identity information related to the user. Further, the method includes the aspects of comparing the created user credential and the user request at the one or more databases to determine whether the user meets the access rights for retrieving the data. Furthermore, the method includes aspects of determining an answer as to whether the access of the data is permitted or denied.03-26-2009
20090125995Method and System For Accounting Access by Users to Data Networks, Related Computer Program Product - A system for the time-based accounting of access by users to services provided by a data network includes a primary access node to provide access by users by establishing via the primary access node a steady connectivity between the users and the network. A secondary access node is associated with the primary access node, such secondary access node being configured for acting as a backup node to maintain connectivity in the case of failure involving the primary access node. The primary access node is configured for issuing a request for credentials for any user requesting access to said data network and, as a result of receiving valid credentials from the user, starts time-based accounting for the user. An authentication node cooperative with the primary access node and the secondary access node stores the secondary access node information items concerning the time-based accounting started for the user. The time-based accounting is thus maintained in the case of failure involving the primary access node as connectivity is maintained by the secondary access node.05-14-2009
20090178124REMOTE DEVICE COMMUNICATION PLATFORM - Managing via a web portal a remote device from a source device connected to a communication network. A device ID is assigned to the remote device, and a remote management software for remote management of the remote device is not installed on the source device or the remote device. Based on the assigned device ID, a connection is established with the remote device via the communication network. A first instruction is received from a user for authenticating access to the web portal. The user is authenticated in response to the received first instruction. An online status is established for the authenticated user. A second instruction is received from the authenticated user requesting access to the remote device. The device ID of the remote device is validated. The validated device ID is associated with the authenticated user. A connection is established between the remote device and the web portal.07-09-2009
20090320108Generating And Changing Credentials Of A Service Account - Technologies are described herein for generating and changing credentials of a service account. In one method, a credential schedule is retrieved. The credential schedule specifies when a plurality of credentials are scheduled to be changed. A determination is made whether a current credential associated with the service account is scheduled to be changed according to the credential schedule. Upon determining that the current credential is scheduled to be changed, at least part of a new credential is generated. The current credential is replaced with the new credential for the service account.12-24-2009
20090125997Network node with one-time-password generator functionality - Structures and methods are disclosed for facilitating secure connectivity of a remote client to an enterprise network using OTP-enabled nodes of a remote access platform. Embodiments described herein include an OTP device associated with a client device (for example and without limitation, an OTP device residing within a PC card associated with a laptop or desktop computer) defining a first node of a remote access platform; and an OTP server defining a second node of a remote access platform that generates and maintains the same OTP as the OTP device at the first node, for purposes of authenticating the client device and/or user of the client device.05-14-2009
20090064295SYSTEM, METHOD, AND APPARATUS FOR ON-DEMAND LIMITED SECURITY CREDENTIALS IN WIRELESS AND OTHER COMMUNICATION NETWORKS - A method includes storing a security credential associated with a communication network on a portable storage device. The method also includes detecting removal of the portable storage device from a specified location. The method further includes allowing at least one communication device to communicate over the communication network using the security credential. In addition, the method includes revoking the security credential after a specified time period has elapsed. The portable storage device could represent a card, and the specified location could represent a card reader/writer. Also, the communication network could represent a wireless network, and the security credential could represent a cryptographic key.03-05-2009
20090064296COMMUNICATION SYSTEM, METHOD FOR TRANSFERRING INFORMATION, AND INFORMATION-COMMUNICATION DEVICE - A first information-communication device generates a first biometric pattern used for comparison based on user biometric information retrieved by a biometric sensor, and sends the generated first biometric pattern to a second information-communication device. The second information-communication device compares the first biometric pattern sent from the first information-communication device with a second biometric pattern, which is a user biometric pattern stored in memory, and sends the second biometric pattern to the first information-communication device when the compared biometric patterns match. The first information-communication device then stores the second biometric pattern sent from the second information-communication device.03-05-2009
20110271331Assignment and Distribution of Access Credentials to Mobile Communication Devices - A server storing a pool of unassigned access credentials selects an access credential from the pool, assigns it to an individual, identifies a mobile communication device associated with the individual, and pushes the access credential to the mobile communication device over a secure and authenticated channel such that the access credential is receivable by the mobile communication device. If the mobile communication device supports a proximity technology and is proximate to an access node that supports the proximity technology, the mobile communication device employs the proximity technology to present the access credential to the access node.11-03-2011
20110197269METHOD AND SYSTEM FOR SPLIT MEDIUM MAIL SOLUTION FOR CUSTOMER COMMUNICATIONS - The present teachings provide a method and system for a split medium mail for customer communications. The present application relates to techniques and equipment used to create a single page summary communication included in a mailpiece to be mailed to a customer. The single page summary contains information necessary to access a full version of the customer communication by way of secure web access.08-11-2011
20110131639Secure PIN Management of a User Trusted Device - A mechanism is provided for secure PIN management of a user trusted device. A user trusted device detects a memory card coupled to the user trusted device. The user trusted device receives user input of an external PIN (ext_PIN). The user trusted device identifies a key (K) associated with the external PIN, wherein the key is stored in the persistent memory. The user trusted device computes a card PIN (card_PIN) using a function (f) and the key as stored on the persistent memory, wherein the card PIN is computed using the following equation: card_PIN=f(K, ext_PIN). The user trusted device unlocks the memory card using the card PIN, thereby forming an unlocked memory card.06-02-2011
20090328165Method and apparatus for generating one-time passwords - A method and apparatus are provided to allow a user of a communications device to utilize one-time password generators for two-way authentication of users and servers, i.e., proving to users that servers are genuine and proving to servers that users are genuine. The present invention removes the need for a user to have a separate physical device, e.g., token, per company or service, reduces the cost burden on the companies and allows for two-way authentication via multiple access methods, e.g., telephone, web interfaces, automatic teller machines (ATMs), etc. Also, the present invention may be utilized in consumer and enterprise applications.12-31-2009
20130219479Login Using QR Code - Systems and methods are disclosed herein for a user to use a trusted device to provide sensitive information to an identity provider via QR (Quick Response) code for the identity provider to broker a website login or to collect information for the website. A user may securely transact with the website from unsecured devices by entering sensitive information into the trusted device. The identity provider may generate the QR code for display by the website on an unsecured device. A user running an application from the identity provider on the trusted device may scan the QR code to transmit the QR code to the identity provider. The identity provider may validate the QR code and may receive credential information to authenticate the user or may collect information for the website. Advantageously, the user may perform a safe login to the website from untrusted devices using the trusted device.08-22-2013
20090094687System and methods for key challenge validation - This document discusses, among other things, a system and method for detecting an initiation of a transaction and generating a string of characters based on the detection. A first portion of the string of characters may be presented in such a way as to be distinguished from a second portion of the string of characters. In various example embodiments, the transaction is validated based on an identification of the first portion of the string of characters.04-09-2009
20100122332FILE SERVER FOR TRANSLATING USER IDENTIFIER - A file server including: a first interface coupled to a client computer which manages a client side user identifier used by the client computer to identify a client computer user; a second interface coupled to a first storage storing first file system data and a first file system side user identifier used by the first file system to identify the client computer user, and a second storage storing second file system data and a second file system side user identifier used by the second file system to identify the client computer user; a processor which receives a client computer's first access request to the first file system, obtains a first file system identifier which identifies the first file system and the first file system side user identifier, and translates the first file system side user identifier to a first client side user identifier using the first file system identifier.05-13-2010
20100122330AUTOMATIC LOCAL LISTING OWNER AUTHENTICATION SYSTEM - A method and apparatus for verifying that a user is the owner of a public listing is provided. The user selects an option to claim ownership of the public listing offered by an online service provider. The online service provider uses information regarding the user and the public listing to generate a verification code. The online service provider delivers the verification code to the owner of the public listing via the contact information provided by the public listing. If the user owns the public listing, the user receives the verification code via contact information associated with the public listing. The user verifies ownership by inputting a code to the online service provider. If the inputted code matches the verification code, then the online service provider identifies the user as the owner of the listing. Once verified, the user modifies the listing.05-13-2010
20100146602CONDITIONAL SUPPLEMENTAL PASSWORD - A password protected machine where a primary alternative password and a secondary alternative password are assigned, but the secondary alternative password cannot be used to gain access unless and until the primary alternative password has been deactivated. Also, a password protected machine where a user is assigned at least two alternative passwords, and where the use of one alternative password will automatically deactivate the other password. Preferably, there is a primary password and a secondary password such that: (i) the use of the primary password does not deactivate the secondary password, but (ii) the use of the secondary password does deactivate the primary password.06-10-2010
20110197268CAPTCHAS THAT INCLUDE OVERLAPPED CHARACTERS, PROJECTIONS ON VIRTUAL 3D SURFACES, AND/OR VIRTUAL 3D OBJECTS - Techniques are described herein for generating CAPTCHAs that include overlapped characters, projections on virtual three-dimensional (3D) surfaces, and/or virtual 3D objects. A CAPTCHA is a type of challenge-response test that a content provider may present to users for authorizing the users to access content that the content provider hosts. For example, when a user attempts to access content, a CAPTCHA may be generated in accordance with one or more of the techniques described herein and provided to the user. The user may be asked to identify characters that overlap in the CAPTCHA, characters that are projected on a virtual 3D surface, and/or a designated virtual 3D object, so that the user may be authorized to access the content. The user may enter the characters and/or select the designated virtual 3D object that is identified in the CAPTCHA using an input device, such as a keyboard, touch screen, pointing device, etc.08-11-2011
20110191834Maintaining the Domain Access of a Virtual Machine - A method for maintaining domain access of a virtual machine is described. According to one embodiment, a generation of a new computer account password by an operating system is identified. The new computer account password is copied to an auxiliary storage location. An existing computer account password is replaced with the new computer account password when it is determined that a file system of the computer has been restored to a previous state. The copying of the new computer account password may be performed in response to the generation of the new computer account password. The replacing of the existing computer account password may be performed in response to the restoring of the file system to the previous state.08-04-2011
20100083358Secure Data Aggregation While Maintaining Privacy - Disclosed herein is a computer implemented method and system that securely aggregates and manages user related data in an online environment while maintaining privacy of a user. The user provides access credentials at a client device for each of multiple data sources. The access credentials are transformed to an unreadable format at the client device using a public key transmitted by a web server. The transformed access credentials in the unreadable format are stored locally on the client device. A communicating software agent on the client device communicates the stored access credentials to the web server. The web server transforms the communicated access credentials to a readable format using a private key and retrieves the user related data by accessing the data sources using the access credentials in the readable format. The web server presents the retrieved user related data to the user in one or more presentation modes.04-01-2010
20100083357REMOTE REGISTRATION OF BIOMETRIC DATA INTO A COMPUTER - Systems and arrangements for permitting the transmission of fingerprint authentication data to a system remotely, while also permitting the system to employ such data as well as passwords in order to operate a computer system, while ensuring a reliable level of security for any group or organization using such systems and arrangements.04-01-2010
20100100948RULES DRIVEN MULTIPLE PASSWORDS - A rules driven multiple passwords system is provided wherein a list of stored passwords is used in rotation over time in accordance with a set of rules or conditions managed by the system. With such an arrangement, the currently active password of a system User may automatically be changed, in accordance with the rules or conditions, to the next password in the list. The User is notified as to the newly assigned password.04-22-2010
20100100947SCHEME FOR AUTHENTICATING WITHOUT PASSWORD EXCHANGE - Aspects relate to systems and methods implementing a scheme allowing a Verifier (V) to authenticate a Prover (P). The scheme comprises pre-sharing between V and P a graph of nodes. Each node is associated with a polynomial. V sends P data comprising data for selecting a polynomial of the graph, such as traversal data for proceeding from a known node to another node, a time interval, and a number k. P uses the time interval in an evaluation of the polynomial. P then uses the evaluation as a λ in a Poisson distribution, and determines a value related to a probability that a number of occurrences of an event equals k. P sends the determined value to V. V performs a similar determination to arrive at a comparison value. P authenticates V if the separately determined values match, or otherwise meet expectations. The process can be repeated to increase confidence in authentication.04-22-2010
20120291109USER INFORMATION UTILIZATION SYSTEM, DEVICE, METHOD, AND PROGRAM - A user information utilization system includes: a user information storage means that stores user information; a temporary ID acquisition means that acquires a temporary ID for identifying the identicalness of a user between a plurality of devices or a plurality of service providers, the temporary ID being an identifier corresponding to a user of the stored user information; a user information comparing/determining means that compares legitimately-read user information of a plurality of users read in response to acquired two or more temporary IDs and a user information comparison/determination request that designates a predetermined condition that represents a desired relationship between a plurality of users represented by the two or more temporary IDs to thereby determine whether the relationship between the designated users satisfies the predetermined condition, and outputs the determination result; and a process execution means that receives the comparison/determination result for the user information and executes a predetermined process based on the received comparison/determination result.11-15-2012
20120291108SECURE USER CREDENTIAL CONTROL - In some embodiments, a user uses a single universal text- or image-based secret from which a service-provider-specific identity credential, for example a username plus password, is derived for authentication. A human (i.e., the user) must interpret an image to enter this universal text (or image) based secret. For example, an image based challenge is presented to the user, and a credential is obtained based on the user's response to the challenge.11-15-2012
20090288152AUTOMATIC POPULATION OF AN ACCESS CONTROL LIST TO MANAGE FEMTO CELL COVERAGE - System(s) and method(s) provide access management to femto cell service through access control list(s) (e.g., white list(s)). White list(s) includes a set of subscriber station(s) identifier numbers, codes, or tokens, and also can include additional fields for femto cell access management based on desired complexity. White list(s) can have associated white list profile(s) therewith to establish logic of femto coverage access based on the white list(s). Various example aspects such as white list(s) management, maintenance and dissemination; automatic population or pre-configuration; and inclusion of wireless device(s) or subscriber(s) are also provided. A component can implement automatic population of white list fields based at least in part on a set of received identifiers. In addition, autonomously determined identifiers can be employed to populate a white list. Identifier(s) available for automatic population are validated prior to inclusion in a white list, to ensure the identifier(s) are allowed for inclusion therein.11-19-2009
20090089865NETWORK ACCESS AND PROFILE CONTROL - A method and apparatus for managing network profiles and/or access to a network. Network profiles stored in a computer may be deleted and/or a connection to a wireless network may be disabled when a corresponding access period for the network has been exhausted. The access period may define an amount of time, a number of connections, a number of bits or packets of information, or other measure of connectivity to a network and/or maintenance of profile information related to the network that may be limited in some fashion.04-02-2009
20090089867System and method providing secure access to computer system - A system and method for providing secure access to a computer system. An access device divides the password into multiple segments and places them in data packets. In one embodiment, an authentication server has multiple addresses, and each packet is sent to a different address. The server then reassembles the password. In another embodiment, when the server receives a password, the server sends an index value back to the access device, which then accesses the server on another address indicated by the index value. Alternatively, the password is sent to multiple addresses for the server, and the server determines whether any of the received packets have been altered. The multiple password packets may be forced to follow different paths to the server, thereby denying hackers the ability to intercept all of the password characters or determine the inter-packet timing factor. The system is effective against passive and active hackers, Trojans, and phishing techniques.04-02-2009
20110173684ANYTIME VALIDATION FOR VERIFICATION TOKENS - Systems and methods for producing, validating, and registering authentic verification tokens are disclosed. Such systems and methods include generating verification token specific key pairs. The key pairs can be signed by a verification token manufacturer master key or public key certificate for an additional level of authenticity. Related methods and systems for authenticating and registering authorized verification token manufacturers are also disclosed. Once a verification token manufacturer is authenticated, it can be assigned a manufacturer-specific key pair or certificate and in some cases, a predetermined set of serial numbers to assign to the verification tokens it produces. Each serial number can be used to generate a verification token specific key pair specific to the associated verification token. One component of the verification token key pair can be stored to the verification token. Optionally, the component of the verification token key pair stored to the verification token can be signed by the manufacturer specific master key or certificate and stored as a verification token public certificate.07-14-2011
20080209530Method And System For Receiving And Providing Access To Information At A Web Site - At a vendor-managed web site, purchasing information is received from a first terminal, including purchasing information that is customized for a customer. The customer includes first and second users having respective first and second levels of authorized access to the purchasing information. The first user is identified by a first identifier, and the second user is identified by a second identifier. To a second terminal, access at the vendor-managed web site is provided to: only a first portion of the purchasing information in response to receiving the first identifier from the second terminal which identifies the first user; and at least a second portion of the purchasing information in response to receiving the second identifier from the second terminal which identifies the second user. The second portion includes at least a part of the first portion and a third portion of the purchasing information. The part of the first portion includes at least a portion of the customized purchasing information.08-28-2008
20120144462SYSTEM, APPARATUS AND METHODS FOR HIGHLY SCALABLE CONTINUOUS ROAMING WITHIN A WIRELESS NETWORK - In one embodiment, an apparatus includes a first access point within a wireless network. The first access point is configured to identify a communication device within a radio frequency (RF) range of the first access point. The first access point is also configured to request a session key associated with the communication device from a first network controller associated with the first access point in response to the communication device being identified. The first access point is further configured to receive the session key associated with the communication device from a second network controller associated with a second access point having an RF range partially overlapping the RF range of the first access point.06-07-2012
20120144465DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.06-07-2012
20110173685METHOD FOR TERMINAL CONFIGURATION AND MANAGEMENT AND TERMINAL DEVICE - A method for terminal configuration and management includes: acquiring a configuration file, where the configuration file includes server account information; configuring the server account information in the acquired configuration file onto a Device Management Tree (DMT) of a terminal; based on the server account information, establishing a management session between the terminal and the server, and performing management and subsequent configuration on the terminal during the session. A corresponding terminal device and a corresponding system are also provided. Through the method, the terminal can determine, according to protocol version information supported by or corresponding to the corresponding server and carried in a configuration packet, a protocol that should be used for communication with a server, and perform configuration according to the correct protocol version, thus improving the operation efficiency.07-14-2011
20090282465MANAGEMENT APPARATUS AND CONTROL METHOD OF MANAGEMENT APPARATUS - A management apparatus capable of communicating with a plurality of external devices includes a storage unit to store management information including authentication information for authenticating a user in the external device, a first transmission unit to transmit an authentication result of the user in the external device and user information necessary for authenticating the user by the external device among the management information to the external device by referring to the management information stored in the storage unit in response to a request from the external device, a selection unit to, when a content of the management information is changed, select an external device to be a transmission destination of the changed management information based on the change thereof, and a second transmission unit to transmit the changed management information to the external device selected by the selection unit.11-12-2009
20090288153INFORMATION PROCESSING APPARATUS AND CONTROL METHOD - An information processing apparatus that can easily and safely transmit data. A registering unit registers first authentication information in association with user information indicating a first user. The first authentication information is necessary for the first user to log on to the information processing apparatus. A generating unit generates an address data that is used to transmit data from an external apparatus to the information processing apparatus and includes the user information and second authentication information. A transmitting unit transmits the address data to the external apparatus. An authenticating unit authenticates by utilizing the second authentication information included in the address data when the data is transmitted based on the address data from the external apparatus. A storing unit stores the received data in association with the first user when the authentication by the authenticating unit succeeds.11-19-2009
20090293111THIRD PARTY SYSTEM FOR BIOMETRIC AUTHENTICATION - A method of authenticating an identity of a user includes launching a user interface and obtaining biometric data of a user at the user interface. The method further includes comparing the biometric data of the user to stored biometric information of the user that was previously obtained during an enrollment process. A comparison result is generated and provided to a third party system documenting if the stored biometric information was satisfied, wherein the third party system is configured to utilize the comparison result to authenticate an identity of the user.11-26-2009
20090293110Upload apparatus, server apparatus, upload system, and upload method - An upload apparatus includes: an outputter configured to output a code image including information of an ID and a password necessary for uploading content onto a network; and an uploader configured to upload the content onto said network by use of said code image outputted by the outputter.11-26-2009
20090119761Apparatus and computer program product for password generation - The generation of a unique password using a secret key and an application name is disclosed. Other passwords may be generated for other applications using the same key. A user provides a key that is not easily able to be guessed by third parties. The user also inputs a name of an application for which a password is desired. The system utilises the application name and the secret key to generate a unique password for that application, using standard encryption techniques. The system generates the same password for that application and secret key combination every time. Alternate embodiments generate a user identifier from the same secret key and application name.05-07-2009
20090119759Method and Arrangement for Secure Authentication - A method and arrangement for utilising a generally available personal data terminal as a secure and reliable authentication factor for user authentication is described. Also, a method for secure transfer of data between two parties, a user and a service provider, where the user generates a unique authentication factor adapted for user authentication (05-07-2009
20080276307Computer System and Access Right Setting Method - IC cards (R11-06-2008
20110202981CONTENT PRESENTATION-TYPE AUTHENTICATION SYSTEM - It is intended to achieve a user authentication system capable of forcibly presenting a content to a user. Provided is a content presentation-type authentication system designed to allow a client to perform a content presentation-type user authentication in which user authentication is performed in such a manner that a plurality of pattern elements arranged in a given pattern are presented as a presentation pattern to a user who intends to be authenticated, and a one-time password derivation rule is used as a password of the user and applied to certain ones of the pattern elements located at specific positions in the presentation pattern to create a one-time password, and a content is forcibly presented to the user in connection with the user authentication. The content presentation-type authentication system comprises an authentication-service providing server configured to manage respective user IDs and passwords of users, content data indicative of a detail of each of a plurality of contents, and respective content IDs of the plurality of contents, and provide content-added authentication information to each of the users, and a client having a content presentation-type user authentication program and a processor.08-18-2011
20080216161SYSTEM AND METHOD FOR SECURE CONFIGURATION OF SENSITIVE WEB SERVICES - The present invention discloses a system and method for configuring access rights to sensitive information handled by a sensitive Web service. When the client system requests configuration changes, the Web server system provides a configuration data file to the client system, preferably using the SOAP communication protocol. The changes to the configuration data file are performed exclusively offline on the client side, and the updated configuration data file is signed with authentication information and sent as part of a SOAP request to the Web server system. The Web server system provides a filter component for identifying and discarding non-SOAP requests, as well as an access control manager that authenticates incoming SOAP requests. After successfully passing these components, the SOAP request is used to update the existing configuration data file.09-04-2008
20100275250ACCOUNT RECOVERY VIA AGING OF ACCOUNT DATA POINTS - Embodiments are directed towards providing an aging of account data points usable in recovering access to an account. The aging of account data points is configured to enable users whose access to their account has been compromised or otherwise denied to still recover access. Account data points are time-stamped when associated with an account. When a request is received to delete an account data point, the data point is instead placed into an aging status for a time period. During the aging time period, the account data point may still be used to recover access to the account. Moreover, after access is recovered using a certain account data point, any account data points created after that data point may be deleted to minimize unauthorized access to the account.10-28-2010
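The aging behaviour in the 20100275250 abstract above, worked through as an added example (written for this page, not the patent's own code): a delete request moves a recovery data point into an aging state instead of removing it, the point stays usable for recovery until the window closes, and a successful recovery discards every point added after the one that proved ownership. Time is an integer supplied by the caller so the logic is deterministic; the 30-day window and reactivating the proving point are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Added example, not the patent's code: account data points (recovery e-mail, phone,
# security question...) that age out instead of being deleted on request.
# Time is an integer number of seconds passed in by the caller; the 30-day window
# is an assumption.

AGING_PERIOD = 30 * 24 * 3600


@dataclass
class DataPoint:
    value: str                          # e.g. "owner@example.test" (constructed)
    created_at: int                     # time stamp set when the point was associated
    aging_since: Optional[int] = None   # None while active; start of aging otherwise

    def is_usable(self, now: int) -> bool:
        # Active points are usable; aging points stay usable until the window ends.
        return self.aging_since is None or now < self.aging_since + AGING_PERIOD


class Account:
    def __init__(self) -> None:
        self.points: Dict[str, DataPoint] = {}

    def add_point(self, value: str, now: int) -> None:
        self.points[value] = DataPoint(value=value, created_at=now)

    def request_delete(self, value: str, now: int) -> None:
        # A delete request does not remove the point; it enters aging status.
        point = self.points[value]
        if point.aging_since is None:
            point.aging_since = now

    def purge_expired(self, now: int) -> None:
        # Only once the aging window has elapsed is a point really gone.
        self.points = {v: p for v, p in self.points.items() if p.is_usable(now)}

    def recover(self, value: str, now: int) -> bool:
        """Try to recover access with one data point; True on success.

        On success every point created after the one used is deleted: if the
        account was taken over, the attacker's additions are newer than the
        owner's proven data point.
        """
        self.purge_expired(now)
        point = self.points.get(value)
        if point is None or not point.is_usable(now):
            return False
        self.points = {v: p for v, p in self.points.items()
                       if p.created_at <= point.created_at}
        point.aging_since = None   # assumption: the proven point is reactivated
        return True


if __name__ == "__main__":
    acct = Account()
    acct.add_point("owner@example.test", now=1_000)
    acct.add_point("attacker@example.test", now=2_000)   # added after a takeover
    acct.request_delete("owner@example.test", now=2_100)  # attacker tries to lock out owner
    print(acct.recover("owner@example.test", now=2_100 + 10 * 24 * 3600), sorted(acct.points))
```

The trade-off is visible in the code: an attacker's "delete the owner's recovery address" request is harmless inside the window, but a point the legitimate owner wanted gone (a phone number that has since been reassigned, say) also keeps its recovery power for the same window.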
20100005516METHOD AND SYSTEM FOR SECURE AGENT-LESS ENTERPRISE INFRASTRUCTURE DISCOVERY - A method and system for securing dynamic discovery of an enterprise computing infrastructure is provided. One implementation involves maintaining enterprise credential information in a secured trust store, receiving an access request through a secure connection for access to a remote infrastructure component, determining the type of the access request, for a root-level type access request, responding to the request via the secure connection with enterprise root credentials from the trust store, and for an unprivileged type access request, responding to the request via the secure connection with unprivileged access enterprise credentials from the trust store.01-07-2010
20090037990METHOD AND APPARATUS FOR DISTRIBUTED AUTHORIZATION BY ANONYMOUS FLEXIBLE CREDENTIAL - A method and apparatus for distributed authorization by anonymous flexible credential are provided. A pseudonym authority issues a root pseudonym to a user. The user may generate a large number of derived pseudonyms from the root pseudonym. The user may obtain resource credentials from resource protectors by using derived pseudonyms. The user may select a set of resource credentials, generate a flexible credential from this set of resource credentials, and request access from a resource protector to the resource corresponding to the set of resource credentials by using the flexible credential and a derived pseudonym. A revocation list for each resource may be maintained in the system such that any one of the resource credentials of any user may be revoked without affecting that user's other resource credentials.02-05-2009
20090037991MANAGING TRANSFERS OF INFORMATION IN A COMMUNICATIONS NETWORK - The invention features various techniques for managing transfers of information in public packet-switched communications networks. In one aspect, the invention provides a system for identifying updated items of network-based information, such as pages, to users in a network. A master server receives the data from each of a plurality of network servers and merges them into one or more master logs. The logs have entries that pertain to the creation or changing of pages of information. Another aspect of the invention features a system for implementing security protocols. A proxy server translates links from a protocol incompatible with the network tool to a protocol compatible with the network tool and back-translates the link. Another aspect of the invention features a system for managing authenticating credentials of a user. A proxy server manages a user's authenticating credentials automatically on behalf of the user. Another aspect of the invention features a system for inducing advertisers to target advertisements to consumers. An advertising broker receives advertisements and messages indicating that users have read the advertisements, and causes an offer having monetary value to be executed. Another aspect of the invention features a system for extracting data from sources of network-based information in a communications network. An object-embedding program locates a script program and causes the script program to extract data from a page of information.02-05-2009
20090007247DOMAIN ID SERVICE - The subject disclosure pertains to a domain identification system comprising a principal that has a key and a mnemonically meaningless identifier; the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' bindings.01-01-2009
20100146603ANONYMOUS AUTHENTICATION-BASED PRIVATE INFORMATION MANAGEMENT SYSTEM AND METHOD - An anonymous authentication-based private information management (PIM) system and method are provided. The PIM method includes receiving an anonymous certificate not including user information from an anonymous certification authority; generating an anonymous document including the anonymous certificate and some of the user information; and providing the anonymous document to a web service provider so as to be authenticated and thus provided with a web service by the web service provider. Thus, only a minimum of user information may be provided to the web service provider. In addition, it is possible to strengthen a user's right to self-determination and control over the exposure and use of his or her personal information by allowing a user to manage his or her own personal information or entrusting the PIM server to manage user information. Moreover, it is possible to protect the privacy of a user by preventing the exposure of user information.06-10-2010
20080250480METHOD AND SYSTEM FOR AN ELECTRONIC BANK SAFE DEPOSIT BOX - A system and method for providing secure electronic storage in a plurality of electronic safes which each include a plurality of electronic compartments. The owner of each electronic safe can generate new compartments and determine who has access to each of the compartments in their electronic safe.10-09-2008
20090265769METHOD FOR AUTOMATICALLY GENERATING AND FILLING IN LOGIN INFORMATION AND SYSTEM FOR THE SAME - A system for automatically generating and filling login information to improve the security in storage and use of the login information. The system comprises a monitoring module, a registration module, and a login module; the monitoring module is coupled to the registration module and the login module; the monitoring module is adapted to check for an entry of login information corresponding to the identifier of the current page, and prompt a result to the user, and transmit a signal to the registration module and the login module to perform a registration and/or login operation; the registration module comprises a login information generation unit, a login information storage unit, and a first user confirmation unit; and the login module comprises a login information input unit and a second user confirmation unit. A method for the same is also disclosed.10-22-2009
20090064294Methods for selectively capturing and replicating one-time password generator functionality from device to device - Structures and methods are disclosed for selectively capturing (“peeling”) and replicating (“cloning”) OTP tokens from one device to another while maintaining OTP state. Embodiments described herein provide for sending, from a first device to a second device, state information including for example, a key, a current OTP sequence value and a time to expiry value corresponding to selected tokens to be cloned. The second device thereafter uses the state information to generate OTP sequences corresponding to the selected tokens in time-synchronization with corresponding authentication entities. Additionally, embodiments described herein provide for restoring the OTP sequence corresponding to the selected tokens on the first device following a loss of synchronization of the selected tokens on the first device.03-05-2009
20080282332Method For Executing a Protected Function of an Electric Field Unit and Electrical Field Unit - In order to develop a method for carrying out a protected function of an electrical field device in such a manner that a high degree of security against unauthorized accesses to the electrical field device can be ensured irrespective of the nature of the communication link between a user and the electrical field device, an identification device for the electrical field device and a security device are used to check whether a stated protected function of the electrical field device can be carried out, or should be refused. The invention also relates to an appropriately configured electrical field device.11-13-2008
20080235773Method of irregular password configuration and verification - A method of irregular password configuration and verification, comprising an irregular character series of texts, numbers or symbols input into a system to generate a series of passwords displayed on the screen of a display device. The series of passwords comprises at least one register code and at least one random combination unit of a text and a number, or a symbol, wherein the register code is concealed in the random combination unit.09-25-2008
20080276308Single Sign On - A method to securely access systems (I, II) of a distributed computer system by entering passwords is described, wherein some systems are accessible with the same password and some systems are accessible with different passwords, comprising the steps of: 11-06-2008
20100275251TRANSFERRING CREDENTIAL INFORMATION - Credential information is received from a credential transfer server. The credential transfer server is identified by sending a credential transfer message to a network entity identified by a dynamic host configuration protocol server.10-28-2010
20100005519SYSTEM AND METHOD FOR AUTHENTICATING ONE-TIME VIRTUAL SECRET INFORMATION - A system for authenticating one-time virtual secret information includes a display device and an input device separated from each other, the display device having a central processing unit (CPU) and a memory and the input device having a CPU and a memory. An authentication server generates matching information, for display on the display device via a communication network. A user views this matching information and inputs the one-time virtual secret information to the input device. The input device then transmits the input one-time virtual secret information to the authentication server via a communication network, and the authentication server interprets the input one-time virtual secret information.01-07-2010
20080216160ROBUST DIGEST AUTHENTICATION METHOD - The present invention relates to a method of authenticating a user in a communication system comprising a user terminal and an authentication server which is capable of storing two types of nonce values, namely dedicated nonce values unique in the system and common nonce values shared between users in the system. In the method the authentication server receives (09-04-2008
20080209531Method, apparatus, and system for outputting information and forming image via network, and computer product - An information output apparatus includes a tray determining unit that determines an output tray to which printed sheets are output, a secret information generating unit that generates first secret information corresponding to tray identification information for identifying the output tray determined, a transmitting unit that transmits the first secret information generated by the secret information generating unit to a terminal, an input accepting unit that accepts an input of second secret information from a user, and a tray controlling unit that specifies the output tray based on the first secret information when the second secret information and the first secret information coincide with each other, and allows a slot of the specified tray to be open.08-28-2008
20080271127APPARATUS AND METHOD FOR CREATING STAND-ALONE BUSINESS INTELLIGENCE WIDGETS WITHIN AN AUTHENTICATION FRAMEWORK - A computer readable storage medium includes executable instructions to retrieve a list of one or more widgets from a repository. A set of items representing the list of one or more widgets is displayed. A widget is selected from amongst the one or more widgets in the repository. The widget is configured with a set of authentication credentials.10-30-2008
20100146601Method for Exercising Digital Rights via a Proxy - A system and method for accessing digital content purchased by a rights owner for a first computing device. The method receives a proxy from the rights owner that includes rights to the digital content granted to the rights owner, stores the proxy on a second computing device, and determines whether the rights owner is present at the second computing device. When the rights owner is present at the second computing device, the method enables the proxy, and accesses the digital content on the second computing device through the proxy.06-10-2010
20120198530REAL TIME PASSWORD GENERATION APPARATUS AND METHOD - A method and apparatus for generating a password in real time by creating at least one password map during creation of an account associated with a user, and generating and providing a random password hint sequence grid to the user in real time, authenticating the user for accessing the account using a password created by the user, where the password is created by the user using the random password hint sequence grid and the at least one password map.08-02-2012
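The 20110202981 and 20120198530 entries above describe the same family of challenge-response passwords: the server presents a fresh random pattern (a grid of elements), the user's long-term secret is a set of positions in that pattern, and the one-time password is whatever the pattern shows at those positions. The following is an added example written for this page, not code from either patent; the 4x4 grid of decimal digits, the six-position map and the `surviving_positions` attacker model are assumptions. It also shows the failure mode a practitioner should know about: a few observed grid/OTP pairs are enough to recover the position map.

```python
import secrets
from typing import List, Sequence, Set, Tuple

# Added example, not the patents' code: a presentation-pattern one-time password.
# The server shows a fresh random grid; the user's enrolled secret is a "password
# map" of grid positions; the OTP is the digits at those positions, in order.
# A 4x4 grid of decimal digits and a 6-position map are assumptions.

ROWS, COLS = 4, 4
Position = Tuple[int, int]
Grid = Sequence[Sequence[int]]


def create_password_map(length: int = 6) -> List[Position]:
    """Enrolment: the user's long-term secret positions (repeats allowed)."""
    return [(secrets.randbelow(ROWS), secrets.randbelow(COLS)) for _ in range(length)]


def generate_grid() -> List[List[int]]:
    """Server side: a new random presentation pattern for every login attempt."""
    return [[secrets.randbelow(10) for _ in range(COLS)] for _ in range(ROWS)]


def render_grid(grid: Grid) -> str:
    """What the user sees on screen."""
    return "\n".join(" ".join(str(d) for d in row) for row in grid)


def derive_otp(grid: Grid, password_map: Sequence[Position]) -> str:
    """What the user does by hand: read off the digits at the secret positions."""
    return "".join(str(grid[r][c]) for r, c in password_map)


def verify(grid: Grid, password_map: Sequence[Position], submitted: str) -> bool:
    """Server side: recompute from the grid it issued and compare in constant time."""
    return submitted.isascii() and secrets.compare_digest(derive_otp(grid, password_map), submitted)


def surviving_positions(observations: Sequence[Tuple[Grid, str]]) -> List[Set[Position]]:
    """Shoulder-surfer's view: for each OTP digit index, the grid positions still
    consistent with every (grid, otp) pair observed. One observation leaves every
    cell showing that digit; each further observation intersects the candidates."""
    all_cells = {(r, c) for r in range(ROWS) for c in range(COLS)}
    survivors = [set(all_cells) for _ in range(len(observations[0][1]))]
    for grid, otp in observations:
        for i, digit in enumerate(otp):
            survivors[i] &= {(r, c) for (r, c) in all_cells if str(grid[r][c]) == digit}
    return survivors


if __name__ == "__main__":
    pmap = create_password_map()
    seen = []
    for attempt in range(3):
        grid = generate_grid()
        otp = derive_otp(grid, pmap)           # the user reads this off the screen
        print(render_grid(grid), "\nOTP:", otp, "accepted:", verify(grid, pmap, otp), "\n")
        seen.append((grid, otp))
    print("positions an observer still considers possible:", surviving_positions(seen))
```

Because the grid changes every time, one captured OTP does not replay and does not reveal the map, but `surviving_positions` shows that a handful of observed grid/OTP pairs typically pins every position down; that is why schemes of this kind are paired with another factor or strict attempt limits.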
20120198529BLACKLISTING OF FREQUENTLY USED GESTURE PASSWORDS - A method of maintaining a blacklist for gesture-based passwords is provided. A data store of index values corresponding to gestures is maintained on a blacklist server. Upon receiving a new gesture-based password, an electronic device converts the password to an index value and forwards that index value to the blacklist server. The blacklist server increments the occurrence count of the received index value in the data store and, if the increment causes a blacklist threshold to be exceeded, adds the index value to the blacklist. A notification can be sent back to the electronic device if the forwarded index value is on the blacklist or has just been added to it.08-02-2012
20120198528METHODS AND SYSTEMS TO DETECT ATTACKS ON INTERNET TRANSACTIONS - A method and system are disclosed for detecting interference with a remote visual interface, such as an HTML web page, at a client computer, particularly to determine whether a malicious attack such as an HTML attack has occurred. When the web server receives a request for a page, a script is embedded in the page, and as a consequence the client computer requests at least one session key and at least one one-time password from an enterprise server. The client computer also performs a check of the HTML interface present on the client computer, which an attack of this type would change. The result of the interface check, encrypted with the session key and one-time password, is sent to the enterprise server, so that a comparison with the expected value for the website can be performed.08-02-2012
20120198527IP Multimedia Security - A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.08-02-2012
20080263644FEDERATED AUTHORIZATION FOR DISTRIBUTED COMPUTING - Distributed computing systems can exchange authorization information in a manner which alleviates the need for a receiving system to utilize any external systems when making an authorization decision. The trusted authorization provider can digitally sign authorization snippets of information. The requestor sends the digitally signed authorization snippet with the request. Because both computing processes trust the same authorization provider, the servicer of the request is able to grant or deny access in a completely autonomous fashion without having to rely on external resources for authorization. A requesting process can determine the digitally signed authorization snippet corresponding with the request. The servicing process can rely on the digitally signed authorization snippet to perform the authorization.10-23-2008
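The offline authorization check in the 20080263644 abstract above, as an added example written for this page (not the patent's code): the provider issues a small signed grant, the requester picks the grant that matches its request and attaches it, and the servicer accepts or denies using nothing but the grant and its trust in the provider. Because the Python standard library has no asymmetric signature primitive, an HMAC under a key shared by provider and servicer stands in for the digital signature; a real deployment would use a public-key signature so that services hold only the provider's public key. The field names, the dot-separated encoding and the constructed key are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import Iterable, Optional

# Added example, not the patent's code. PROVIDER_KEY is shared by the authorization
# provider and every servicer, so an HMAC stands in for the digital signature
# (assumption forced by the standard library; use Ed25519 or similar in practice).

PROVIDER_KEY = b"constructed-demo-key-not-for-use"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_snippet(key: bytes, subject: str, resource: str, actions: Iterable[str],
                  ttl: int, now: int) -> str:
    """Authorization provider: sign a small self-contained grant ("snippet")."""
    claims = {"sub": subject, "res": resource, "act": sorted(actions), "iat": now, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64e(body) + "." + _b64e(tag)


def parse_snippet(key: bytes, snippet: str, now: int) -> Optional[dict]:
    """Servicing process: return the claims if tag and expiry check out, else None."""
    try:
        body_b64, tag_b64 = snippet.split(".")
        body, tag = _b64d(body_b64), _b64d(tag_b64)
    except (ValueError, binascii.Error):
        return None
    # Verify before parsing: untrusted JSON is never interpreted unless it is authentic.
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None
    try:
        claims = json.loads(body)
        if not isinstance(claims, dict) or now >= int(claims["exp"]):
            return None
    except (ValueError, KeyError, TypeError):
        return None
    return claims


def authorize(key: bytes, snippet: str, subject: str, resource: str, action: str, now: int) -> bool:
    """Servicer's autonomous decision: no call to the provider or any other system."""
    claims = parse_snippet(key, snippet, now)
    return (claims is not None
            and claims.get("sub") == subject
            and claims.get("res") == resource
            and action in claims.get("act", []))


def select_snippet(wallet: Iterable[str], resource: str) -> Optional[str]:
    """Requesting process: choose the snippet in its wallet that names the resource.
    No key is needed here; the servicer, not the requester, verifies the tag."""
    for snippet in wallet:
        try:
            claims = json.loads(_b64d(snippet.split(".")[0]))
        except (ValueError, binascii.Error):
            continue
        if isinstance(claims, dict) and claims.get("res") == resource:
            return snippet
    return None


if __name__ == "__main__":
    wallet = [issue_snippet(PROVIDER_KEY, "alice", "/reports/q3", ["read"], ttl=300, now=1000)]
    chosen = select_snippet(wallet, "/reports/q3")
    print(chosen)
    print("read :", authorize(PROVIDER_KEY, chosen, "alice", "/reports/q3", "read", now=1100))
    print("write:", authorize(PROVIDER_KEY, chosen, "alice", "/reports/q3", "write", now=1100))
```

Two checks matter beyond the tag: the expiry bounds how long a grant stays valid once the provider can no longer be consulted, and the subject binding keeps a snippet stolen from one requester from being presented by another (a deployment would also bind it to the requester's channel or key).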
20090089864REMOTE MANAGEMENT OF TELECOMMUNICATIONS NETWORK ELEMENT DURING LICENSE EXPIRE AND RENEWAL PERIOD - A remote management method permits the management of a license on a network element in a telecommunications network. One or more features on the network element are enabled for a predetermined time according to a license provided to the network element. Management data is sent to and received from the network element on a first management data connection. User traffic utilizing the one or more features is sent to and received from the network element on a second user data connection. The second user data connection is distinguishable from and controllable independently of the first management data connection. If the license expires, then the second user data connection is blocked, and license management data is downloaded to the network element over the first management data connection while the second user data connection is blocked. The license on the network element is renewed using the license management data downloaded over the first management data connection. After the license is renewed, the user data connection is unblocked.04-02-2009
20090064298System and Program for Access Control - A system and program for a proxy server that forwards an access request from a client to a data server and forwards response data from the data server to the client. The proxy server includes a means for storing a first address location and an encoding format of the response data. The proxy server also includes a means for receiving a subsequent access request from the client, which includes a second address location encoded by the encoding format. A means is present in the proxy server for comparing the second address location to the first address location to determine if the second address location is related to the first address location. The proxy server also includes a means for decoding the second address location based on the encoding format in response to a determination that the second address location is related to the first address location.03-05-2009
20130191899ONE-TIME PASSWORD AUTHENTICATION WITH INFINITE NESTED HASH CLAIMS - Systems and methods for One-Time Password (OTP) authentication with infinite nested hash chains are described. In one aspect, a methodology includes a client device that provides a one-time password (OTP) authentication server with certain registration information. The client device generates, via the OTP authentication server, an authenticated OTP with infinite nested hash chains. These generating operations use a first hash function (hA (−)) for updating a seed chain, a second hash function (h07-25-2013
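The 20130191899 abstract above is cut off, but its two named ingredients, a first hash function for advancing a seed chain and a second for building the OTP chain, are enough to show why a seed chain makes a hash-chain OTP renewable. What follows is an added example written for this page and not the patent's protocol: a Lamport-style chain (each password is the preimage of the previous one) is built with h_b, and when it is exhausted the next seed is h_a of the current one. The commit-then-reveal renewal handshake, the chain length and the domain-separated SHA-256 standing in for both hash functions are this example's own assumptions.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Added example, not the patent's protocol: a Lamport-style hash-chain OTP whose
# exhausted chains are renewed from a seed chain. As in the abstract, two hash
# functions are used: h_a advances the seed chain, h_b builds each finite OTP chain.
# Domain-separated SHA-256 stands in for both, and the commit-then-reveal renewal
# handshake below is this example's own design.

CHAIN_LEN = 4   # passwords per chain (assumption; at least 2)


def h_a(x: bytes) -> bytes:
    return hashlib.sha256(b"seed-chain|" + x).digest()


def h_b(x: bytes) -> bytes:
    return hashlib.sha256(b"otp-chain|" + x).digest()


def h_b_pow(x: bytes, n: int) -> bytes:
    """h_b applied n times."""
    for _ in range(n):
        x = h_b(x)
    return x


class Client:
    def __init__(self, seed: bytes, chain_len: int = CHAIN_LEN) -> None:
        if chain_len < 2:
            raise ValueError("chain must hold at least two passwords")
        self.seed, self.n, self.k = seed, chain_len, chain_len
        self.next_seed: Optional[bytes] = None
        self.awaiting_ack = False

    def commitment(self) -> bytes:
        """Registered with the server once: the top of the first chain, h_b^n(seed)."""
        return h_b_pow(self.seed, self.n)

    def ack(self) -> None:
        """Server accepted the message that carried the next-chain commitment."""
        self.awaiting_ack = False

    def next_message(self) -> Dict[str, bytes]:
        if self.awaiting_ack:
            raise RuntimeError("seed must not be revealed before the commitment is accepted")
        self.k -= 1
        msg = {"pw": h_b_pow(self.seed, self.k)}   # passwords go n-1, n-2, ..., 0
        if self.k == 1:
            # Penultimate password: commit to the next chain, authenticated with the
            # still-secret seed as MAC key. The seed itself is revealed one step later.
            self.next_seed = h_a(self.seed)
            nxt = h_b_pow(self.next_seed, self.n)
            msg["next"], msg["tag"] = nxt, hmac.new(self.seed, nxt, hashlib.sha256).digest()
            self.awaiting_ack = True
        elif self.k == 0:
            # The seed was just sent as the last password; roll over to the next chain.
            self.seed, self.next_seed, self.k = self.next_seed, None, self.n
        return msg


class Server:
    def __init__(self, commitment: bytes, chain_len: int = CHAIN_LEN) -> None:
        self.current, self.n, self.remaining = commitment, chain_len, chain_len
        self.pending: Optional[Tuple[bytes, bytes]] = None   # (next commitment, tag)

    def verify(self, msg: Dict[str, bytes]) -> bool:
        pw = msg.get("pw", b"")
        if not hmac.compare_digest(h_b(pw), self.current):
            return False                       # wrong, stale or replayed password
        if self.remaining == 2:
            if "next" not in msg or "tag" not in msg:
                return False                   # renewal data must ride with this step
            self.pending = (msg["next"], msg["tag"])
        if self.remaining == 1:
            # pw is the chain's seed, so the tag over the pending commitment can be
            # checked now; on success the server switches to the new chain.
            if self.pending is None:
                return False
            nxt, tag = self.pending
            if not hmac.compare_digest(hmac.new(pw, nxt, hashlib.sha256).digest(), tag):
                return False
            self.current, self.remaining, self.pending = nxt, self.n, None
            return True
        self.current, self.remaining = pw, self.remaining - 1
        return True
```

The server keeps one hash value and a counter per user, which is what lets the chain be renewed without re-enrolment. The client refuses to reveal a seed until the server has acknowledged the commitment; in a deployment that acknowledgement must itself be authenticated (inside a TLS session, for instance), otherwise an attacker who forges the acknowledgement, learns the seed and then forwards a commitment of its own can hijack the next chain.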
20130185782SYSTEMS AND METHODS FOR DUAL READER EMULATION - Systems and methods for emulating credentials are disclosed. In some cases, the systems include an access credential reader and an access credential writer. The access credential reader is communicably coupled to the access credential writer. The access credential reader is operable to receive information from an access credential, and to transfer at least a portion of the information to the access credential writer. The access credential writer is operable to transfer at least the portion of the information to an emulation access credential.07-18-2013
20090125994Communication between a human user and a computer resistant to automated eavesdropping - Communication between a human user and a computer over an insecure channel is accomplished by encoding user input using one or more character substitution tables. The character substitution tables are transmitted to the user over the insecure channel in a perceptually modified form which renders them difficult for use by automated adversaries but keeps them easily understandable by humans.05-14-2009
20090138948System and method for over the air communication authentication using a device token - A system and method are described for securing over-the-air communications between a service and a communication device. For example, one embodiment of a method for creating a security token on a communication device for communication between the communication device and a service includes combining a device identification of the communication device with a device capability, known by the service, to create device information. The method further includes encrypting the device information.05-28-2009
20130219478REDUCED AUTHENTICATION TIMES FOR SHARED-MEDIA NETWORK MIGRATION - In one embodiment, a management device in a computer network determines when nodes of the computer network join any one of a plurality of field area routers (FARs), which requires a shared-media mesh security key for that joined FAR. The management device also maintains a database that indicates to which FAR each node in the computer network is currently joined, and to which FARs, if any, each node had previously joined, where the nodes are configured to maintain the mesh security key for one or more previously joined FARs in order to return to those previously joined FARs with the maintained mesh security key. Accordingly, in response to an updated mesh security key for a particular FAR of the plurality of FARs, the management node initiates distribution of the updated mesh security key to nodes having previously joined that particular FAR that are not currently joined to that particular FAR.08-22-2013
20090165102ONLINE PASSWORD MANAGEMENT - This disclosure describes, generally, methods and systems for password management. In one embodiment, a method may include receiving, at a centralized password repository, requests from users. Each request may be configured to request a password to allow access to an associated application. In one embodiment, at least two of the users are at different locations. The method may further include performing a validation analysis for the users' credentials, and in response to verification of a user's credentials, transmitting a response including the password configured to provide access to the associated application.06-25-2009
20090178125Method and System for Creation and Validation of Anonymous Digital Credentials - A method and system for providing an online reputation of a client participating in one or more online forums. The method includes providing a unique client identifier associated with the client. In addition, a plurality of forum identifiers is provided for a plurality of online forums within which the client is participating, wherein each online forum is associated with a corresponding user profile. A plurality of unique verification codes is provided that is based on the plurality of forum identifiers and the client identifier. A plurality of verification sequences is provided for purposes of verifying a plurality of user profiles of the client associated with the plurality of online forums, wherein each of the plurality of verification sequences includes a corresponding verification code. Verification of a plurality of credentials associated with the plurality of user profiles is performed. A request is received that includes a corresponding verification sequence from a verifying entity for an online reputation of the client. The request is made in association with a first online forum within which the client is participating. A verified credential of a user profile that is associated with a second online forum is provided without revealing a user identity of the client that is associated with the second online forum.07-09-2009
20090165103APPARATUS AND METHOD FOR SHARING USER CONTROL ENHANCED DIGITAL IDENTITY - The present invention provides an apparatus for sharing a user-control-enhanced digital identity that allows a user to retain full control over the flow of identity sharing, on a per-user basis, when sharing personal information. According to the present invention, a user can reduce infringement of personal information through illegal usage by controlling how the personal information is used and preventing it from being used carelessly. Further, a provider of the services can efficiently associate services between providers.06-25-2009
20090138949POSITION AND VELOCITY-BASED MOBILE DEVICE MANAGEMENT - A set of one or more positional control parameters includes at least one of a geographic limit, a velocity limit, and a direction of travel limit. A control list identifies at least one feature in a mobile device. The at least one feature may be associated with at least one of the positional control parameters.05-28-2009
20090178126SYSTEMS AND METHODS FOR PROVIDING USER-FRIENDLY COMPUTER SERVICES - A system for providing computer services includes a camera and an electronic device. The camera obtains recognition information for a user. The electronic device is operable for executing a first operating system for conducting user authentication according to the recognition information and for automatically operating a user-defined application program after the user passes said user authentication.07-09-2009
20090144814Automated Credentialing for Physicians and Other Professionals - An automated system for credentialing physicians or practitioners in other professions employs a databank of verified practitioner data on a central computer server. The file for each practitioner can include education, employment history, board certification record, and derogatory information, such as disciplinary proceedings, if any. A remote computer station can access the central computer server to download a credentialing profile on the computer screen. The computer station can have an RFID reader for inputting a practitioner identity code that uniquely identifies the respective practitioner. There may be RFID tags embedded in diplomas or certificates to aid in verifying authenticity.06-04-2009
20080320573Automated User Registration - For users to access network services such as video streaming from a device, users usually have to register themselves with the service first. Most registration mechanisms require a user to input a username, password, date of birth and other details. When implemented through a web interface, this mechanism is relatively easy for the service provider to provision. However, the problem is that users are required to manually enter significant amounts of information, which can be both time consuming, especially on a mobile device where there is usually no QWERTY input device, and susceptible to unintentional errors. The present invention proposes an automated registration process that does not require a user to enter any details manually except for the initial request to subscribe to a service. The process gathers information automatically about the user and the device used, which is then stored and used for user authentication during subsequent service requests following the initial subscription request. The subsequent requests for service also do not require the user to manually input any user data.12-25-2008
20110225634CAPTCHA (Completely Automated Public Test to Tell Computers and Humans Apart) Data Generation Methods and Related Data Management Systems and Computer Program Products Thereof - CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) data generation methods for use in a server and related management systems are provided. First, the server determines a first data set according to at least one first data corresponding to an operation to be performed, wherein the first data represents a sensitive data corresponding to the operation. Then, the server generates a group of CAPTCHA data corresponding to the first data set according to the first data.09-15-2011
20090031404Method and apparatus providing virtual private network access - A virtual private network device enables individual machines at a remote subnet to be visible and addressable from a central site by establishing a private address range for the remote machines, forming a virtual private network tunnel from the virtual private network device to the central site, and communicating the private address range to the central site to enable connections from the central site to individual machines on the remote subnet.01-29-2009
20090199279METHOD FOR CONTENT LICENSE MIGRATION WITHOUT CONTENT OR LICENSE REACQUISITION - Techniques for migrating content from a first set of conditions to a second set of conditions are disclosed herein. In particular, a content migration certificate is utilized to enable content migration and set forth under what conditions content may be accessed after migration. The content migration certificate may, for example, be stored as a file in a removable storage unit or transferred online once an indication that conditions have changed is received. The change in conditions may involve a new device attempting to access the content file, a new user attempting to access the content, or any other similar conditions. Access to the information in the content migration certificate may be protected by encryption so that only devices and/or users meeting the conditions of the certificate are permitted to transfer content. By accessing the content migration certificate in the prescribed manner, migration of content is enabled in a controlled and easy process.08-06-2009
20090199280AUTHENTICATION SERVER, AUTHENTICATION SYSTEM AND ACCOUNT MAINTENANCE METHOD - An authentication server, on receipt of a request to delete a user account, determines whether the account exists in a user authentication table. If the account exists, the authentication server deletes the account, and retrieves, from a requesters list in which information of devices from which users have to date requested user authentication is saved, an address of a device from which the user targeted for deletion has previously issued an authentication request, and issues a deletion request to that device together with account information. Similar processing to change a user account is performed in response to a change request.08-06-2009
20090199278System and method for authenticating a user of a wireless data processing device - A system and method for authenticating a user with a wireless data processing device. For example, a method according to one embodiment of the invention comprises: generating a new authentication code for a user at a data service, the data service communicatively coupled to a wireless device over a wireless network and to a client data processing device over a data network; transmitting the new authentication code to the wireless device; receiving a request from the user to connect to the service through the client data processing device over the data network; requesting the new authentication code from the user over the data network; receiving an authentication code entered by the user on the client data processing device over the data network; comparing the new authentication code with the authentication code entered by the user on the client data processing device; allowing access to resources on the service if the authentication code entered by the user matches the new authentication code; and denying access to resources on the service if the authentication code entered by the user does not match the new authentication code.08-06-2009
20090064297SECURE CREDENTIALS CONTROL METHOD - Methods, apparatus, and systems are provided to secure access to an account of a user. The account may have a system administrator. The user may have a credential for accessing the secure data on the account. The methods, apparatus, and systems involve setting a universal reset credential associated with the account, denying the system administrator of the account permission to change the first credential of the access feature, and permitting the system administrator to reset the access feature from the first credential to the universal reset credential.03-05-2009
20110145898CONTROLLING ACCESS OF A CLIENT SYSTEM TO AN ACCESS PROTECTED REMOTE RESOURCE - The present invention provides a security module for a Web application, especially a portal application, using a rewriter proxy. The security module ensures that the rewritten URIs are appended with an authentication identifier for determining whether the rewritten URI has been changed. Preferably, the authentication identifier can be generated by applying a secure hash algorithm and/or secret key to the original URIs of the remote resource or to the entire rewritten URIs. When a client activates those URIs, a request is sent to the rewriter proxy. Before a connection to the access protected remote resource is established, the security module validates whether the URIs contained in the user client request have been changed by the user.06-16-2011
20090064293METHOD AND APPARATUS FOR A COMMUNITY-BASED TRUST - Machine-readable media, methods, apparatus and system for a community-based trust are provided. In an embodiment, it may be determined whether a requesting node obtains a trust from a targeting node through an endorsement from an intermediate node. If the requesting node obtains the trust through the endorsement from the intermediate node, an intermediate trust level that indicates how much the targeting node trusts the intermediate node may be obtained; and a new trust level that indicates how much the targeting node trusts the requesting node may be calculated based upon the intermediate trust level.03-05-2009
20120079574Predictive Mechanism for Multi-Party Strengthening of Authentication Credentials with Non-Real Time Synchronization - A mechanism for strengthening authentication credentials for accessing any number of applications across multiple access interfaces and across multiple remote access sites is disclosed. The applications can be accessed by a set of authorized users by using multiple instances of a predictive scheme for generating and synchronizing the authentication credentials and by leveraging pre-existing infrastructure associated with the applications.03-29-2012
20120079573INFORMATION PROCESSING DEVICE, PASSWORD DIAGNOSING METHOD AND COMPUTER-READABLE MEDIUM - A user terminal includes a diagnosing unit 03-29-2012
20120079572SYSTEM AND METHOD FOR MANAGING USER TOKEN IN CLIENT DEVICE ON NETWORK - A user token management system in a client device on a network comprises an obtaining module, a web controller and a processing module. The obtaining module obtains a user token from a database in response to a retrieving request for retrieving authorization of a web service provider on the network. The web controller transmits an authenticating request for authenticating the user token to the web service provider and receives an authentication result authenticating the user token. The processing module deletes the user token from the database when that user token is not authenticated by the web service provider.03-29-2012
20120079571AUTOMATED ENCRYPTION AND PASSWORD PROTECTION FOR DOWNLOADING DOCUMENTS - A method receives a user login from a user. The method grants, to the user, access to a user account of the user maintained by a computerized document management system based on the user login. The computerized document management system is accessible to a plurality of users. The method receives a request from the user to provide a requested document and the method determines whether the requested document should be password protected. If the requested document should be password protected, the method generates a unique password for the requested document. The unique password is unique to the user and is based upon information contained within the user account by the computerized document management system. Again, if the requested document should be password protected, the method adds the unique password to the requested document to generate a password-protected document and sends the password-protected document to the first user.03-29-2012
20090055912USER AUTHENTICATION SYSTEM USING IP ADDRESS AND METHOD THEREOF - A method for authenticating a user by IP address check includes: receiving a URL and a session cookie from a client; determining whether or not an IP address of the client has been changed based on the session cookie; resetting the session cookie, if the IP address has been changed, by adding the changed IP address as a temporary IP address thereto; determining whether or not the URL is required to perform IP address check; requesting a re-login to the client if it is determined that the URL is required to perform IP address check; and adding the temporary IP address to a valid IP address list for the user if the re-login is successful.02-26-2009
20080263647System and Method For Providing Network Device Authentication - A secure framework for wireless sensor networks. The framework provides a system and method for providing network device authentication. The system and method comprises installing a unique device key in a network device and creating a chain of keys, wherein each subsequent key is encrypted using the previous key. The method executes an authentication process for storing and issuing keys, wherein the authentication process uses a unique device key to install a device site key in the network device and uses the device site key and the unique device key to authenticate the network device for communicating with a wireless network router, wherein the wireless network router creates a unique network-device-router key. The unique network-device-router key is used to authenticate the network device for communicating over the wireless network using an encrypted network session key and allows secure encrypted link-layer communications over the wireless network.10-23-2008
20080263646SYSTEMS AND METHODS FOR A COMPUTER NETWORK SECURITY SYSTEM USING DYNAMICALLY GENERATED PASSWORDS - Methods and systems for a computer network security system are disclosed. A computer security system includes at least one computer configured to be operably coupled to a remote network and having an application program comprising a login scripts database and a variable database. The security system further includes a client device configured to be operably coupled to the computer to allow for the use of the application program. The application program is configured to dynamically generate a password upon attempting to access a remote network. Furthermore, the application program may update passwords within a user's login scripts database. Additionally, a remote network may support the security system and may include at least one computer system having an administrator application program installed thereon and configured to receive a network device and an administrator device. A network administrator may use the network and administrator device to monitor and modify contents of the security system.10-23-2008
20080263645PRIVACY IDENTIFIER REMEDIATION - A secure server installation is provided that abstracts credit card identifiers from its server, network, application and database environments, thus reducing investment in securing, segregating and/or isolating these environments in their entirety. The secure server installation intercepts credit card transactions sent from front end applications to back end applications, and forwards tokens in replacement of credit card identifiers for processing by the back end applications.10-23-2008
20080263643METHOD AND SYSTEM FOR PASSWORD APPLICATION - Methods, systems, and program products for a client application provide child passwords mapped to a parent password authorized for login to a secure network resource server. A child user logs in to the client application by entering the child password. When a child user properly requests a secure resource from the secure network resource server, the client application uses the authorized parent password to login to the secure server and retrieve a secure resource without communicating the child password to the secure server. The child user login session is administered by the local application pursuant to access rules or limitation parameters associated with the child password. Child passwords may be set to expire. The client application may also monitor secure server access by a child user; monitored use may also be reported, and an access rule or password limitation parameter may be revised in response to monitoring and use reporting.10-23-2008
20080263642SYSTEMS AND METHODS FOR A COMPUTER NETWORK SECURITY SYSTEM USING DYNAMICALLY GENERATED PASSWORDS - Methods and systems for a computer network security system are disclosed. A computer security system includes at least one computer configured to be operably coupled to a remote network and having an application program comprising a login scripts database and a variable database. The security system further includes a client device configured to be operably coupled to the computer to allow for the use of the application program. The application program is configured to dynamically generate a password upon attempting to access a remote network. Furthermore, the application program may update passwords within a user's login scripts database. Additionally, a remote network may support the security system and may include at least one computer system having an administrator application program installed thereon and configured to receive a network device and an administrator device. A network administrator may use the network and administrator device to monitor and modify contents of the security system.10-23-2008
20110231910TECHNIQUES FOR VIRTUAL PRIVATE NETWORK (VPN) ACCESS - Techniques for virtual private network (VPN) access are provided. A dynamic determination, in response to privileges, is made as to whether a principal and a device of a principal are to receive a thin client virtual private network (VPN) installation for a thin client VPN session between the principal and a remote site or whether a clientless VPN session is appropriate. Dynamic switching between the clientless VPN session and thin client VPN session is permissible when the principal supplies the appropriate credentials for such a switch.09-22-2011
20120144466MANAGING PASSWORDS USED WHEN DETECTING INFORMATION ON CONFIGURATION ITEMS DISPOSED ON A NETWORK - Disclosed embodiments include a method for receiving, at a configuration information server, an encrypted password associated with a configuration item, where the encrypted password is encrypted using an encryption key. The method further includes encrypting a decrypted password to generate a reencrypted password, where the decrypted password is derived from the encrypted password. The method further includes transmitting the reencrypted password to the configuration item and removing the decrypted password from the configuration information collection server.06-07-2012
20120144463SYSTEM AND METHOD FOR EXTENDING SECURE AUTHENTICATION USING UNIQUE SESSION KEYS DERIVED FROM ENTROPY - In some aspects of the present disclosure a device is disclosed that includes a processor; a storage unit; a user interface; a transceiver; a device identifying unit arranged to store device identifying data; and a memory unit arranged to store machine-executable instructions that, when executed by the processor, cause a password to be generated, based on the device identifying data, that is arranged to allow the device to access a public wireless local area network (PWLAN).06-07-2012
20090205030Controlling Access to a Process Using a Separate Hardware Device - A method and apparatus for automatic user authentication are described. The method includes receiving information at a device, the device including a credential container; storing the information at the credential container and performing cryptographic calculations on the received information and providing the encrypted information upon request.08-13-2009
20090205029MANAGEMENT APPARATUS - A management apparatus comprising memory to store owner information, dependence relationship information, and authorized user information associated with file information identifying a secret file; an authorized user determination unit to determine whether a source user of a browse request is registered as the authorized user of the browse request file; a dependent file specifying unit to specify a dependent file having a dependence relationship with the browse request file by referring to the dependence relationship information when the source user is authorized; and a browse permission response transmitting unit to transmit the browse permission response to the source user based on whether or not the source user is registered as the authorized user of the dependent file by referring to the authorized user information.08-13-2009
20090205027Album drive - The present invention is a system and method of selectively distributing media content to consumers, the system consisting essentially of a USB-type storage device loaded with media content, a network and a user interface system. The method consists essentially of providing a USB-type storage device loaded with media content, distributing the device to retail outlets, instructing a user to contact a network that is in electronic communication with the USB-type storage device, selectively registering the media content on the network, activating the USB-type storage device, displaying the activated media content to the consumer on a display device associated with the user interface system, and providing a means to upload media content onto the USB-type storage device in the event the media content becomes corrupted or erased.08-13-2009
20090210933System and Method for Online Content Production - A system and method for online content production is provided. Customized orders for content, such as a customized video to be used by a content requester (e.g., a business), can be created using a central website. The business can specify a location at which the content is to be produced, as well as desired shots to be included in the content. A plurality of content providers can register with the present invention to obtain assignments to produce content in response to the orders. The content provider creates the content at the location(s) specified in the order, including shots specified in the order. After the content has been produced, the content provider uploads the content to the central website, where the uploaded content is reviewed to determine whether it complies with the specifications of the order. Content can be downloaded by the business, and payments for the content can be disbursed in accordance with pre-defined royalty distributions.08-20-2009
20090222897Systems and methods for authorization of information access - Systems and methods according to the present invention provide a proactive approach to controlling access to information that may be correlated with a governmentally issued personal identifier. Included are systems and methods for proactive control of information access and liability incursion. Further included are systems and methods for emulating information access to an authorized person. Generally, a method according to the present invention includes the steps of requesting verification from a subscriber at any time that information is requested from registered information holders and any time that liability may be incurred through registered information holders. In this way, the subscriber, rather than reacting to invasive information or identity theft, may proactively control access to such information, thereby preventing the theft in the first place.09-03-2009
20090249456SYSTEM AND METHOD FOR AUTHORIZING AND VALIDATING USER AGENTS BASED ON USER AGENT LOCATION - An embodiment of a method includes receiving a request from a user agent to use a communication network, determining that the user agent is not recognized on the communication network, and requiring submission of location information prior to allowing the user agent to use the network. An embodiment of a system includes a recognition module configured to determine whether the communication device is recognized in response to a request to use a communication network from the communication device, a notification module configured to notify the communication device that the communication device is not recognized, wherein notification that the communication device is not recognized indicates that location information must be submitted prior to the communication device using the communication network; and a location update module configured to receive submitted location information and update the location of the communication device based on the location information.10-01-2009
20090249457ACCESSING SECURE NETWORK RESOURCES - The disclosed implementations generally provide a user access to a secure network resource (e.g., a website, chat application). In some implementations, access to a secure network resource is provided by a communication terminal in communication with a secure access service. The communication terminal detects a presence of a unique identifier (e.g., a Bluetooth MAC address stored in a mobile device), and passes the unique identifier and cryptographic information (e.g., a key code or digital certificate) to the secure access service. The secure access service validates the integrity of the unique identifier and authenticates the user of the device by reading the cryptographic information (e.g., reading the certificate).10-01-2009
20100005515SYSTEMS AND METHODS FOR ASSOCIATE TO ASSOCIATE AUTHENTICATION - Systems, methods and computer-readable media for providing a platform between a requesting associate and an authenticating entity associate are provided. The method may include receiving a request for authentication from the requesting associate and transmitting the request to the authenticating associate. The method may include receiving a request for a single-use verification code from the authenticating associate in response to the request for authentication. The method may also include generating the single-use verification code, or, perhaps, retrieving the single-use verification code from storage and transmitting the single-use verification code to the authenticating associate. Once the requesting associate has received the code from the authenticating associate, the requesting associate may enter the code. The system may then display the identity of the requesting associate on a workstation associated with the authenticating associate.01-07-2010
20110145897UBIQUITOUS WEBTOKEN - A first device receives, from a second device, a first request to set up an account, where the first request includes a shared key and information associated with the second device, where the shared key is calculated based on a private key, of a private key/public key pair, and information regarding an identity selection, from user identity information, associated with a user of the second device; and stores the shared key in a memory. The first device receives, from the second device, a second request to log in to the account, where the second request includes a first webtoken and information associated with the second device, where the first webtoken is calculated based on the shared key and a first time interval; retrieves the shared key; generates a second webtoken based on the shared key and a second time interval; performs an authentication operation by comparing the first webtoken and the second webtoken; and permits the second device to access the account when the first webtoken matches the second webtoken.06-16-2011
20090260066Single Sign-On To Administer Target Systems with Disparate Security Models - A method and apparatus are provided for signing a user into a computer network associated with an automatic contact distribution system. The method includes the steps of providing a sign-on list that identifies a plurality of subsystems of the computer network of the automatic contact distribution system that the user had previously signed onto, detecting the user signing into the system, retrieving the sign-on list and automatically signing the user into each of the plurality of subsystems identified by the list.10-15-2009
20100192207Virtual service provider systems - Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a network device executes a service controller for a plurality of device groups, in which the service controller includes a capability to securely partition one or more device group database partitions, each device group partition includes service controller system settings, and each device group includes a plurality of communication devices controlled by a virtual service provider.07-29-2010
20100180324Method for protecting passwords using patterns - A method, system and computer program for protecting the password by limiting the password's validity to the user's active session. The present invention provides for the password to change automatically for each session so that only the user will be able to construct the valid password for the session. The user provides to the authentication system a password pattern, embedding symbols into a string. The embedded symbols are substituted by elements of parameters. The parameter elements and the symbols that represent them are defined by the authenticating system. The parameters contain either time-driven or random strings of characters and digits as elements. The user builds a password using the values of the elements in the session parameters and the user's password pattern's memory hint recalled from memory. The authenticating system generates the valid password for the session using the password pattern the user has provided. If the user's built password matches the password generated by the authenticating system, secured access is allowed; otherwise access is denied.07-15-2010
20100263030METHOD FOR ESTABLISHING AN AGENCY RELATIONSHIP TO PERFORM DELEGATED COMPUTING TASKS - A method is disclosed for establishing an agency relationship to perform delegated computing tasks. The method provides for initiation of the agency relationship, establishment of credentials to perform a delegated computing task, and performance of the delegated computing task. Benefits of establishing an agency relationship in a computing environment include improved security, efficiency, and reliability in performing delegated computing tasks.10-14-2010
20100192208METHOD AND SYSTEM FOR PREVENTING IMPERSONATION OF A COMPUTER SYSTEM USER - A system and method for preventing an administrator impersonating a user from accessing sensitive resources on a target system is provided. The method comprises receiving a first request from a user to change the user's password on a target system to be changed, sending a “change password” request for the user to the target system, storing the user's new password, receiving a second request from the target system on behalf of the user for access to a sensitive resource, wherein the second request contains information about the user's password, and denying the second request if the information about the user's password is not consistent with the user's stored new password.07-29-2010
20100263029METHOD AND SYSTEM FOR GENERATING ONE-TIME PASSWORDS - A method for one-time password generation, the one-time password being used for user authentication by a restricted resource. The one-time password is generated by means of a mathematical algorithm in a user-specific device, and the one-time password is generated by the mathematical algorithm using at least one user-specific password generation parameter. A first password generation parameter is used for generating a first one-time password for use in user authentication by a first restricted resource, and a second password generation parameter is used for generating a second one-time password for use in user authentication by a second restricted resource, the second restricted resource being different from the first restricted resource, and the first and second password generation parameters being distinct.10-14-2010
20090077642COOPERATION METHOD AND SYSTEM BETWEEN SEND MECHANISM AND IPSEC PROTOCOL IN IPV6 ENVIRONMENT - The present invention relates to a method of embodying a cooperation system between SEND and IPSec in an IPv6 environment. The cooperation system between SEND and IPSec in accordance with the present invention includes: receiving an authentication completion report message including a first IP address of a host whose authentication is completed by the SEND; generating new authentication information corresponding to the host and storing the new authentication information in a temporary storage area, if authentication information for the host is not present in the temporary storage area, wherein the authentication information includes the first IP address; and if an authentication check request message including a second IP address is received from the IPSec, checking whether the second IP address is present in the temporary storage area, and sending the result of checking to the IPSec. The present invention allows the authentication information to be shared between SEND and IPSec in a mobile environment, where the network is frequently accessed, enabling IPSec secure communication at a lower cost.03-19-2009
20090077641COLLABORATIVE PROCESSING USING INFERENCE LOGIC - A collaborative engine electronically processes a request for a result using inference logic. If insufficient goals are provided to resolve the request, a partial result is generated as a function of one or more unresolvable goals. The request for a result may be processed with two or more collaborative engines using workspace chaining, to process information from/to multiple domains or systems which have security restrictions preventing full flow of information between them. Inputs available to the workspace of one collaborative engine are resolved as far as possible and a partial result based on that processing is generated and transmitted for further processing in the workspace of another collaborative engine. The invention may be used for determining a routing path for data or telephonic communication to/from a user of a communication network, or for processing of a management action for a component of an electronic data network, or a commercial transaction.03-19-2009
20100162373MANAGEMENT OF HARDWARE PASSWORDS - In the context of computer systems, the generation of preboot passwords at a server instead of at a client. Preferably, preboot passwords generated at the server are distributed to the client, and a process is offered whereby a user can establish his/her own proxy, not known to the server, that can be used to release the stored passwords to the client hardware. Since the passwords are generated at the server, management of the passwords is greatly facilitated since they are generated at the site where they are stored. This also makes it easy to implement management features such as a group policy, since the password generation software will be able to make logical connections between users and hardware.06-24-2010
20100242101METHOD AND SYSTEM FOR SECURELY MANAGING ACCESS AND ENCRYPTION CREDENTIALS IN A SHARED VIRTUALIZATION ENVIRONMENT - A computing system for managing a virtual server includes a machine remote from the virtual server that operates a provisioning service, a credentials server remote from the virtual server, and at least one guest server manager running on a guest host associated with the virtual server. The provisioning service obtains credentials from the credentials server and delivers them to the at least one guest server manager. The server manager acts under the direction of the provisioning service.09-23-2010
20100229225SYSTEM AND METHOD FOR SECOND FACTOR AUTHENTICATION - As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure is provided that enhances the security of the different types of transactions within which a wireless device user may participate through a Second Factor Authentication facility. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.09-09-2010
20100212000SYSTEM, METHOD AND PROGRAM FOR USER AUTHENTICATION, AND RECORDING MEDIUM ON WHICH THE PROGRAM IS RECORDED - A method, and system, and computer program product for authenticating a user. A first server of a plurality of servers receives an access request from the user to access a federated computing environment that comprises multiple servers. After receiving the access request, the first server: receives input authentication information from the user, obtains a server address of a second server having an authentication policy that matches an authentication policy of the first server, transmits the input authentication information to the second server via the server address of the second server, receives from the second server a notification that the second server has successfully authorized the user, and permits the user to access the federated computing environment.08-19-2010
20100146604Password protection system and method - A system and method for providing a password to a user on a network, the network having a provider computer and a user computer, the provider computer comprising a password system configured to issue a password to a user of the user computer for use in accessing age-restricted content once a determination has been made that the user is age appropriate.06-10-2010
20100235893SYSTEM AND METHOD FOR ASSOCIATING MESSAGE ADDRESSES WITH CERTIFICATES - A system and method for associating message addresses with certificates, in which one or more secondary message addresses are identified and associated with a user-selected certificate. The secondary message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device. When a message is to be encrypted and sent to an individual using a particular certificate, an address mismatch would not be detected so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses associated with the certificate include any message addresses contained within the certificate itself (“primary message addresses”) as well as any secondary message addresses that have been subsequently associated with the certificate.09-16-2010
20100218242SYSTEM AND METHOD FOR PROVIDING SECURITY BACKUP SERVICES TO A HOME NETWORK - Methods and systems of providing security backup services to a home network are described. In one embodiment, the gateway for a home network is registered with a service provider. A network device is enrolled with the home network, and periodically reenrolls. The device detects whether the gateway has been replaced between enrolling and reenrolling, and if it has been replaced, determines whether the new network gateway has been endorsed by the service provider.08-26-2010
20110023100Device Ownership Transfer From A Network - A home relationship is established between a device and a network by storing an ownership record in the device that identifies the network, and storing in the network a device identifier that identifies the device. Thereafter, communication is established between the device and the network. The ownership record is then transmitted from the network to the device, and automatic access to the device is granted to the network once the device verifies the transmitted ownership record against the ownership record stored in the device. In addition, the device identifier is transmitted from the device to the network, and automatic access to the network is granted to the device once the network verifies the transmitted device identifier against the device identifier stored in the network.01-27-2011
20100122327SECURE AUTHENTICATION FOR ACCESSING REMOTE RESOURCES - Methods, systems, and apparatus, including computer program products, for secure authentication for accessing remote resources are disclosed. In some implementations, a user is authenticated for a first time on an interface using a first communications channel; the user is authenticated a second time on the interface using a second communications channel; access privileges are determined based on authenticating the user for the second time; and a random Uniform Resource Locator (URL) is generated based on the access privileges, where the random URL is single-use and indirectly associated with a requested resource.05-13-2010
20100122329AUTHENTICATION BASED ON USER BEHAVIOR - One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity.05-13-2010
20110113476METHOD AND DEVICE FOR GENERATING A TIME-DEPENDENT PASSWORD - There is provided a system and method for generating a time-dependent password in a security device using time information. An exemplary method comprises checking whether the security device has access to an external time signal. The exemplary method also comprises requesting a user of the security device to enter the time information, if it is determined that the security device has no access to the external time signal. The exemplary method additionally comprises generating a time-dependent password using the time information entered in response to the request.05-12-2011
20090328168METHOD FOR REGISTERING AND CERTIFICATING USER OF ONE TIME PASSWORD BY A PLURALITY OF MODE AND COMPUTER-READABLE RECORDING MEDIUM WHERE PROGRAM EXECUTING THE SAME METHOD IS RECORDED - The present invention relates to a method of registering a one-time-password user in a one-time-password terminal by the one-time-password terminal, in an environment including the one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, a one-time-password server, and a one-time-password database server for storing information on the one-time-password user.12-31-2009
20100058449AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - An authentication system includes a plurality of personal authentication servers, a client terminal, a replacing portion and a renewing portion. The plurality of personal authentication servers store at least a part of enrolled data different from each other for user personal authentication and perform authentication with stored enrolled data according to an authentication request from a client terminal. The client terminal stores identification information for specifying the personal authentication server storing each enrolled data, and requests an authentication from the personal authentication server specified with the identification information. The replacing portion replaces at least a part of the enrolled data between the plurality of personal authentication servers according to the authentication request condition to the plurality of personal authentication servers from the client terminal. The renewing portion renews the identification information according to the replacing result of the replacing portion.03-04-2010
20090328166REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties.12-31-2009
20110067092AUTOMATIC PROVISIONING OF AUTHENTICATION CREDENTIALS - Methods and systems of automatically provisioning authentication credentials on a plurality of network devices. The method may include determining a process for provisioning the authentication credentials for the plurality of devices. The process may include steps of gaining access to a network device, entering a command to reach a network service interface associated with the network device, indicating a location of the authentication credentials, and initiating installation of the authentication credentials. The method may also include providing a computer program to follow the process. The computer program may be a script that is automatically executed without user intervention. The method may further include developing a list of the plurality of devices that need to be provisioned, associating the list of the plurality of devices with the computer program, executing the computer program for each device, and outputting whether each of the plurality of network devices has had a successful authentication credential update.03-17-2011
20090320111SECURE LEGACY MEDIA PERIPHERAL ASSOCIATION WITH AUTHENTICATION IN A MEDIA EXCHANGE NETWORK - Aspects for secure access and communication of information in a distributed media network may include detecting when a legacy media peripheral is connected to a PC and/or a media processing system on the distributed media network. One or more identifiers associated with the legacy media peripheral may be established and utilized to facilitate communication of the legacy media peripheral over the distributed media network. At least one legacy media peripheral identifier and at least one identifier of a user utilizing the legacy media peripheral may be requested. The legacy media peripheral identifier may be a serial number of the legacy media peripheral, while the user identifier may be a user password and/or a user name. Media peripheral association software may be executed on the PC and/or the media processing system and utilized for media peripheral association and authentication in accordance with various embodiments of the invention.12-24-2009
20090320109SIGNED EPHEMERAL EMAIL ADDRESSES - Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user's creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address.12-24-2009
20090320110SECURE BOOT WITH OPTIONAL COMPONENTS METHOD - A method is executed which is for managing the optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit which stores a plurality of pieces of software and a plurality of certificates; a receiving unit which receives the certificates; and a selecting unit which selects one of the certificates. The device further includes an executing unit which verifies an enabled one of the plurality of pieces of software using the selected and updated one of the certificates.12-24-2009
20090165104METHOD FOR IMPROVING SECURITY IN LOGIN AND SINGLE SIGN-ON PROCEDURES - In a method for improving a client's login and sign-on security in accessing services offered by service providers over shared network resources such as the Internet, and particularly working within the framework of the www, a password is created for the client at a first attempt to access the service provider. The client's password is generated either at an authentication authority in a trust relationship with the service provider and transmitted to the client, or the client is allowed to create his or her password on the basis of random character sequences transmitted from the authentication authority. For subsequent access to the service provider the authentication authority presents the client with characters in ordered sequences or in a diagram containing, in an appropriate order, a single occurrence of each password character. The client performs a selection of the password for validation and transmits the validation back to the authentication authority, which verifies the password and informs the service provider of the verification. In a most preferred embodiment the password characters are never transmitted between the authentication authority and the client in a validation and verification procedure, and the former is wholly disconnected from either the client's credentials or any transactions subsequently to be undertaken between the service provider and the client.06-25-2009
20090113531System and method for pooling and load distributing connection-oriented servers - There is provided a system and method for managing connections between computers and a server pool. An exemplary system comprises a file configured to store a list of a plurality of servers in the server pool. The exemplary system further comprises a session distributor configured to distribute communication sessions among the plurality of servers by directing multiple requests for a common communication session to a specific one of the plurality of servers based on the list. The exemplary method includes selecting a server from a list of a plurality of servers stored in a file, selecting a port number, generating login information, and linking the server, port number, and login information such that multiple requests for a common communication session are directed to the server.04-30-2009
20090113530User Authentication Based on Voucher Codes - An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication.04-30-2009
20100223662PROGRAMMABLE ELECTRONIC ACCESS CONTROL SYSTEM - The invention relates to a programmable electronic access control system including: an updating unit which operates in conjunction with a central control unit and is provided with management software for global control of installation access. Access elements are associated with the entrance/exit routes, and a credential is associated with each system user. In addition, each updating unit includes means for the bi-directional transfer of data in relation to user credentials, and the central control unit. The updating unit transfers only the information concerning a particular user and the installation closure plan to the user credentials, while receiving information stored on the user credential relating to past events associated therewith, which have been transferred to each of the access elements.09-02-2010
20120144464METHOD AND SYSTEM FOR IMPROVED SECURITY - An improved authentication method and system is provided where a user securely accesses a variety of target servers for online email, online banking, credit card purchases, ecommerce, brokerage services, corporate databases, and online content (movies, music and software). The method involves a bridge server performing authentication tasks that allow a user to access a server or a group of servers with multiple security levels. The method eliminates the need for the user to remember multiple usernames/passwords for each target server. The method also allows one bridge server and one set of security devices to be used to authenticate the user for multiple servers, thereby reducing security costs and increasing user convenience. A location-based password-ID generating device is also described for secure location-based access.06-07-2012
20090037989METHOD FOR PRESENTING PASSWORD CODES IN MOBILE DEVICES FOR AUTHENTICATING A USER AT A PROTECTED INSTITUTION - The method of the invention allows presenting, in a friendly and intuitive form, to a user of a protected institution, access password codes arranged in the form of a table and to be individually and only once utilized for authenticating a user upon a respective operation to access said institution. The method proposed herein is particularly adequate for the representation of passwords in a mobile device, such as cell phone, PDA, and the like, utilizing a representation practically identical to the tables of printed passwords and already utilized by many users. There are additional advantages in relation to the use of printed tables, such as the possibility of highlighting a determined password, searching a determined index, protecting the tabular token application by password, and updating the passwords, and the like.02-05-2009
20090037988System and method of mutual authentication with dynamic password - A method of mutual authentication with dynamic password includes: generating a dynamic password and a first validation code by using a password generator; entering the dynamic password into a user interface; and transmitting the dynamic password to a verification host to verify the correctness of the dynamic password, if the dynamic password is correct, returning a second validation code to the user interface for a user to confirm whether the first validation code and the second validation code are the same or not. A system of mutual authentication with dynamic password is also disclosed. The above-mentioned system and method of mutual authentication with dynamic password can reduce the risk of phishing attack.02-05-2009
20130133049METHODS AND SYSTEMS FOR DETERMINING BIOMETRIC DATA FOR USE IN AUTHENTICATION TRANSACTIONS - A method for determining biometric data for use in conducting authentication transactions is provided that includes capturing biometric data from a user during an authentication transaction and capturing conditions of the authentication transaction with a device. The captured biometric data corresponds to desired biometric data. The method also includes transmitting the captured biometric data and conditions to an authentication system that stores biometric data and conditions therein. Moreover, the method includes determining that stored biometric data corresponding to the desired biometric data, associated with conditions that best match the captured conditions, is to be used for authenticating the user.05-23-2013
20130133050DEVICE FOR SHARING ANONYMIZED INFORMATION, AND METHOD FOR SHARING ANONYMIZED INFORMATION05-23-2013
20130139231SYSTEM AND METHOD OF VERIFYING A NUMBER OF A MOBILE TERMINAL - A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.05-30-2013
20130139232Method and Apparatus for Coordinating a Change in Service Provider Between a Client and a Server with Identity Based Service Access Management - A method of configuring a network access device connected to an access network connected to a plurality of service networks, the network device having a first network address allocated to a subscriber of services of a first service provider provided by a first service network, with a new network address allocated to a second subscriber of services of either the first service provider, or a second service provider provided by a second service network. The method comprises the steps of: sending a request from the network access device to the access network with user credentials for the second subscriber requesting access to the first service provider or a change to the second service provider; receiving a response from the access network; and initiating a network address change request using a configuration protocol. In this manner, a second network address allocated to the second subscriber of services of either the first or second service providers is assigned to the network access device to enable the network access device to communicate data packets to the service network providing the selected service.05-30-2013
20100325707Systems and Methods for Automatic Discovery of Systems and Accounts - In various embodiments, a method comprises scanning a directory structure to generate a scan result comprising a plurality of discovered systems, identifying one or more accounts associated with at least one of the plurality of discovered systems, configuring a security appliance to change one or more old passwords to one or more new passwords for the one or more accounts, and changing, with the configured security appliance, the one or more old passwords to the one or more new passwords.12-23-2010
20100325706AUTOMATED TEST TO TELL COMPUTERS AND HUMANS APART - Techniques for verifying that a user is human as opposed to a machine are provided. A series of images may be presented to the user sequentially along with a challenge question that instructs the user to select the image that is responsive to the challenge question. If the user selects the correct image, the likelihood that the user is a human as opposed to a machine is greatly increased. Techniques for varying certain parameters associated with the display of images and the challenge question are also provided. The variations in these parameters may further help distinguish human users from machines.12-23-2010
20100333185GENERATING SECURITY MATERIAL - An apparatus and method establish a secure, direct, station-to-station communication between a first station and a second station in a topology (e.g., PBSS) having a central secret holder/provider that allows secure, direct, station-to-station communications and that allows secure station-to-station broadcast communications. The first station and the second station will have previously established a security association (SA) with a topology control point (PCP). The method includes creating pair-wise unique material for the first station. The pair-wise unique material is computed as a function of (i) a known shared secret associated with the PCP, (ii) a first piece of unique data associated with the first station, and (iii) a second piece of unique data associated with the second station. The method includes securely communicating the pair-wise unique material from the first station to the second station.12-30-2010
20110247060PORTABLE PASSWORD KEEPER WITH INTERNET STORAGE AND RESTORE - A system for portable storage of information with Internet storage and restore, including a portable memory device, the portable memory device being thumb-sized or smaller and readily attachable to computers, a server, at least one database in communication with the server including password information pertaining to each of a plurality of users, at least one user computer in communication with the server via the Internet, an interface providing each of the plurality of users with access to the server via the Internet, software executing on the server for receiving user-identifying data via the interface pertaining to a particular user, software executing on the server for retrieving password information associated with the particular user from the database, software executing on the server for transferring a copy of the retrieved encrypted password information from the database to the portable memory device via the user computer.10-06-2011
20100154041TRANSFORMING CLAIM BASED IDENTITIES TO CREDENTIAL BASED IDENTITIES - Claim based identities are transformed to a set of credentials and securely stored in a secure data store using a number of encryption schemes. The credentials are then used to authenticate applications requiring specific credential types. For each call to the secure store system, a client application may provide a claims token issued by a trusted source, which is used to search for corresponding credentials in the secure data store if the credentials have been created previously for the user.06-17-2010
20110119743COMMUNICATION OF CONTENT TO EVENT ATTENDEES - A method is provided for enrolling and authenticating an attendee of an event or activity so that content can be delivered to a mobile device associated with the attendee. The method includes receiving an identifier of a mobile communication device associated with an authorized attendee while the attendee and the mobile communication device are in a venue at which the event or activity takes place. The mobile communication device is registered by storing the identifier in a database of authorized attendees who have entered the venue. Entitlement credentials are communicated to the mobile device that are to be further communicated from the mobile device to a content server when requesting event or activity related content therefrom.05-19-2011
20110247059Methods and Apparatus for Role-Based Shared Access Control to a Protected System Using Reusable User Identifiers - Methods and apparatus are provided for role-based shared access control to a protected system using reusable user identifiers while maintaining individual accountability. Role-based access control is provided for a protected system by receiving a request from an end user to access a given protected system; determining a role of the end user for the access to the given protected system; receiving a privileged reusable user identifier and password for the given protected system and role; and providing the privileged reusable user identifier and password to the given protected system on behalf of the end user. Role-based access control is also provided for a protected system by receiving a request to verify an end user requesting access to a given protected system; determining a role of the end user for the access to the given protected system; and providing a privileged reusable user identifier and password for the given protected system and role. A status of the privileged reusable user identifier and password can optionally be maintained. One or more events associated with the privileged reusable user identifier and password can be logged and investigated.10-06-2011
20110131638PROCESS OF REMOTE USER AUTHENTICATION IN COMPUTER NETWORKS TO PERFORM THE CELLPHONE-ASSISTED SECURE TRANSACTIONS - This invention relates to processes of personal user authentication in computer and mobile wireless communications networks to perform transactions including payments. The process provides remote user authentication in various computer networks, the Internet inclusive, to perform secure transactions such as e-commerce and remote banking (on-line banking, remote banking, direct banking, home banking, internet banking, PC banking, phone banking, mobile-banking, WAP-banking, SMS-banking, GSM-banking, TV banking).06-02-2011
20110126272APPARATUS AND METHOD OF IDENTITY AND VIRTUAL OBJECT MANAGEMENT AND SHARING AMONG VIRTUAL WORLDS - A system for centrally managing credential information of a user and a virtual object of a user across a plurality of virtual worlds (or corresponding virtual world servers) is disclosed. The system includes an identity service module for managing an authentication request (e.g., verifying credential information of a user) from a user and an inventory service module for managing virtual properties of a user. Furthermore, a method for logging in to a virtual world by using the system is disclosed. A method for teleporting a virtual property from a virtual world to another virtual world by using the system is disclosed. A method for logging out from a virtual world by using the system is also disclosed.05-26-2011
20110093936NETWORK SYSTEM, METHOD OF CONTROLLING ACCESS TO STORAGE DEVICE, ADMINISTRATION SERVER, STORAGE DEVICE, LOG-IN CONTROL METHOD, NETWORK BOOT SYSTEM, AND METHOD OF ACCESSING INDIVIDUAL STORAGE UNIT - A network boot system including one or more client terminals, a DHCP (Dynamic Host Configuration Protocol) server, a PXE (Preboot Execution Environment) server, a TFTP (Trivial File Transfer Protocol) server, a database administration server, one or more storage devices, and an authentication server (such as a Radius server) connected to each other via a TCP/IP (Transmission Control Protocol/Internet Protocol) network. A plurality of LUs provided in the storage devices are separated into a system area LU and a user area LU prepared per user.04-21-2011
20100235892SYSTEM FOR, AND METHOD OF, PROVIDING THE TRANSMISSION, RECEIPT AND CONTENT OF A REPLY TO AN ELECTRONIC MESSAGE - A server transmits a message from a sender to a recipient. The server receives from the recipient an attachment relating to the message route between the server and the recipient. The server transmits to the sender the message and the attachment and their encrypted digital fingerprints and expunges the transmitted information. To subsequently authenticate the message and the attachment, the sender transmits to the server what the server has previously transmitted to the sender. The server then prepares a digital fingerprint of the message, decrypts the encrypted digital fingerprint of the message, and compares these digital fingerprints to authenticate the message. The server performs the same routine with the attachment and the encrypted digital fingerprint of the attachment to authenticate the attachment. The recipient replies to the sender's message through the server. The server records proof of the delivery and content of the reply to the sender and the recipient.09-16-2010
20110247061COMPUTATION TO GAIN ACCESS TO SERVICE - Access to some aspect of a service may be limited until a user has invested in performing some amount of computation. Legitimate users typically have excess cycles on their machines, which can be used to perform computation at little or no cost to the user. By contrast, computation is expensive for for-profit internet abusers (e.g., spammers). These abusers typically use all of their computing resources to run “bots” that carry out their schemes, so computation increases the abuser's cost by forcing him or her to acquire new computing resources or to rent computer time. Thus, the providers of free services (e.g., web mail services, blogging sites, etc.), can allow newly registered users to use some limited form of the service upon registration. However, in order to make more extensive use of the service, the user can be asked to prove his legitimacy by investing in some amount of computation.10-06-2011
20110093937AUTHENTICATED DATABASE CONNECTIVITY FOR UNATTENDED APPLICATIONS - A custom database connectivity component is deployed in conjunction with a native database connectivity component and a credential manager. The custom connectivity component has a requestor interface for communicating with a requestor application, a credential service interface for communicating with the credential manager, a native database connectivity interface for communicating with native connectivity components, and a decision engine for determining how to convert a request from a requestor to an appropriate API call to the credential manager. The custom connectivity component provides an authenticated and authorized database connection for a requestor application. The component transparently retrieves database, or other target resource, credentials on a real-time basis, without requiring code changes to the requestor application.04-21-2011
20110093935CONTROL OVER ACCESS TO DEVICE MANAGEMENT TREE OF DEVICE MANAGEMENT CLIENT - Provided is a control over access to a Device Management (DM) tree of a client. The client receives a secure area creation password from a server, creates a secure area by using the received creation password, and moves the DM tree to the secure area. In addition, the client receives a secure area access password from the server, accesses the secure area by using the received access password, and performs a remote management through a DM command received from the server. The authority to access the DM tree is given to only the client acquiring a password from the server, which effectively prevents an unauthorized change of a DM tree.04-21-2011
20110179476AUTHENTICATION OF SERVICES ON A PARTITION - Embodiments of the disclosure describe systems and methods for authenticating services running on a partition. In this regard, one embodiment of a system for authenticating a service includes a partition including a list of authorized services, and a service running on the partition; and a management processor in communication with the partition, wherein the management processor is configured to generate credentials for the service running on the partition if the service is listed in the list of authorized services.07-21-2011
20090205028Method and System for Mobile Device Credentialing - Methods and systems taught herein allow communication device manufacturers to preconfigure communication devices to use preliminary access credentials to gain temporary network access for downloading subscription credentials, and particularly allow the network operator issuing the subscription credentials to verify that individual devices requesting credentials are trusted. In one or more embodiments, a credentialing server is owned or controlled by the network operator, and is used by the network operator to verify that subscription credentials are issued only to trusted communication devices, even though such devices may be referred to the credentialing server by an external registration server and may be provisioned by an external provisioning server. Particularly, the credentialing server interrogates requesting devices for their device certificates and submits these device certificates to an external authorization server, e.g., an independent OCSP server, for verification. A common Public Key Infrastructure (PKI) may be used for operator and device certificates.08-13-2009
20090300739Authentication for distributed secure content management system - Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.12-03-2009
20100077466SYSTEM AND METHOD FOR REMOTELY ASSIGNING AND REVOKING ACCESS CREDENTIALS USING A NEAR FIELD COMMUNICATION EQUIPPED MOBILE PHONE - The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.03-25-2010
20100037303Form Filling with Digital Identities, and Automatic Password Generation - In one implementation, form field(s) of a form of a website or application are populated with data obtained using a digital identity, and the populated form field(s) are submitted to the website or application. A form field specification specifying information about the form fields of the form is obtained. A user selects or creates a digital identity. Data is obtained using the digital identity, and the data is used to provide values to the form. The data is submitted to the website or application. In another implementation, a username and password are automatically generated. The username and password that are generated meet parameters that may be specified by the website or application. The username and password are submitted to the website or application for a purpose such as registration or authentication, and stored away for future authentication.02-11-2010
20090217364Method and Apparatus for Managing Subscription Credentials in a Wireless Communication Device - According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials.08-27-2009
20110179472METHOD FOR SECURE USER AND SITE AUTHENTICATION - The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window. The user copies this one time password into their browser which sends it to the web site, which can re-compute the one time password to authenticate the user.07-21-2011
20100064358APPARATUS AND METHOD FOR MANAGING INFORMATION - A method and apparatus are provided for managing system identification information for workforce members such as employees, contractors and consultants that are affiliated with a business entity such as a corporation. The method and apparatus provide for the association of system identification information of a workforce member with each such workforce member in memory and further provides a review process of the same information by the relevant workforce member and one or more of the workforce member's supervisors. The review process allows each of the workforce member and the applicable supervisor(s) to confirm and, in some instances, reject the system identification information as being valid or not valid. The method and apparatus further maintains the review status of the workforce member and the applicable supervisor(s) and in one embodiment, provides for an audit of the same so that any discrepancies in the reviews are brought to light.03-11-2010
20100077465KEY PROTECTING METHOD AND A COMPUTING APPARATUS - A key protecting method includes the steps of: (a) in response to receipt of an access request, configuring a control application program module to generate a key confirmation request; (b) in response to receipt of the key confirmation request, configuring a hardware control module to generate, via the control application program module, a key input request to prompt a user for a key input; (c) upon receipt of the key input, configuring the hardware control module to determine if the key input matches a predefined key preset in the hardware control module; (d) configuring the hardware control module to enter an execution mode if it is determined in step (c) that the key input matches the predefined key; and (e) configuring the hardware control module to enter a failure mode if it is determined in step (c) that the key input does not match the predefined key.03-25-2010
20100058448METHODS AND A DEVICE FOR ASSOCIATING A FIRST DEVICE WITH A SECOND DEVICE - Methods for associating a first and a second device. Each device broadcasts an identity; the first device stores new identities and counts them. Upon user instruction, and if there is just one new identity, the first device sends a request for association to the second device, which acknowledges this. The second device then sends, upon user instruction, a confirmation to the first device, which verifies that the confirmation was sent by the second device and acknowledges this. The method is particularly suitable for use on devices that are unable to display identities of other devices.03-04-2010
20110099612AUTOMATIC USER AUTHENTICATION AND IDENTIFICATION FOR MOBILE INSTANT MESSAGING APPLICATION - Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device. This technology obviates the need for the user to remember and enter a user ID and password to access backed-up application data on a server. This is particularly useful for instant messaging applications, e.g. PIN messaging, in which the unique device identifier is used to identify the user and is also the transport address. Once registered, a user who has switched to a new device or has wiped his existing device can restore contacts or other application data from the server based on the registration identifier.04-28-2011
20110154456System & Method for Sharing Data - A system and method for sharing data is provided. A request is received from a mobile device to transfer a set of data to a recipient. The set of data is stored by a server and controlled by a user of the mobile device. The request is authenticated, and the data is encrypted. The set of data is transmitted to a recipient specified by the user via the mobile device.06-23-2011
20110099613MODIFICATION OF A SECURED PARAMETER IN A USER IDENTIFICATION MODULE - There is provided a user identification module configured for use in a mobile communication device. An exemplary user identification module comprises a first data item being accessible for reading a value of a parameter used in the operation of the user identification module. The exemplary user identification module also comprises at least two second data items, the second data items being unmodifiable and each second data item including a value of the parameter. The first data item includes a modifiable reference addressing one second data item.04-28-2011
20110107407NEW METHOD FOR SECURE SITE AND USER AUTHENTICATION - The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window. The user copies this one time password into their browser which sends it to the web site, which can re-compute the one time password to authenticate the user.05-05-2011
20110154458METHOD AND SYSTEM FOR CREATING A PRE-SHARED KEY - There is provided a system and method for creating a pre-shared key. More specifically, in one embodiment, there is provided a method comprising accessing an identifier associated with a computer system, and performing at least one mathematical function on the identifier to create a pre-shared key for the computer system.06-23-2011
20110154459METHOD AND SYSTEM FOR SECURING ELECTRONIC TRANSACTIONS - A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.06-23-2011
20110154455Security management framework - A framework is provided for securing and managing sensitive credential information required for a software program, such as an application or a script, to access a resource. The centralized framework validates a request for access to a resource received from the software program, retrieves the encrypted credentials associated with the requested resource, decrypts the encrypted credentials, and provides decrypted credentials to the software program for use in accessing the resource.06-23-2011
20120304264KEY PROTECTING METHOD AND A COMPUTING APPARATUS - A key protecting method includes the steps of: (a) in response to receipt of an access request, configuring a control application program module to generate a key confirmation request; (b) in response to receipt of the key confirmation request, configuring a hardware control module to generate, via the control application program module, a key input request to prompt a user for a key input; (c) upon receipt of the key input, configuring the hardware control module to determine if the key input matches a predefined key preset in the hardware control module; (d) configuring the hardware control module to enter an execution mode if it is determined in step (c) that the key input matches the predefined key; and (e) configuring the hardware control module to enter a failure mode if it is determined in step (c) that the key input does not match the predefined key.11-29-2012
20120304263SYSTEM AND METHOD FOR SINGLE SIGN-ON - A server generates a first ID in response to a user inputting a username on a web portal provided by the server. If the user selects a link page displayed through the web portal, the server generates a second ID and sends the first ID and the second ID to the selected link page. The server detects if the user can access the selected link page by reference to the first ID and the second ID. If the server verifies the information successfully, the link page may be entered using the portal information.11-29-2012
20110179474METHOD AND SYSTEM FOR CREATING A MOBILE INTERNET PROTOCOL VERSION 4 CONNECTION - A method for creating a unique and secure mobile internet protocol version 4 connection for a packet data network is provided. The method includes generating an extended master session key to create a mobile internet protocol root key. The method also includes creating a mobile internet protocol security parameter index based on the mobile internet protocol root key and an access point name. The method further includes deriving a mobile node home agent key based on the access point name. Furthermore the method includes associating the derived mobile node home agent key to the created security parameter index. Moreover the method includes providing the unique and secure mobile internet protocol version 4 connection to transfer data for the packet data network connectivity.07-21-2011
20110078775METHOD AND APPARATUS FOR PROVIDING CREDIBILITY INFORMATION OVER AN AD-HOC NETWORK - An approach for providing credibility information over an ad-hoc network is described. A trust manager receives content from a transmitting node over an ad-hoc network. The trust manager retrieves one or more trust values associated with the content, the transmitting node, or both, wherein the trust values are assigned by a trust server and further adjusted based on locally collected credibility information. The trust manager conducts a local evaluation of credibility information regarding the content, the transmitting node, or both. The trust manager then generates one or more combined trust values for the content, the transmitting node, or both from the trust values and the local evaluation.03-31-2011
20110083172INCREASE ENTROPY OF USER-CHOSEN PASSWORDS VIA DATA MANAGEMENT - A method, computer readable medium and apparatus for providing data security for a computing environment having a plurality of nodes are provided. The apparatus comprises a password mechanism residing in a storage location in the computing environment; and a user specific dictionary including entries generated by the password mechanism about each user by retrieving available data from one or more databases. The password mechanism rejects a proposed password for the user by comparing it with entries in the user specific dictionary when the proposed password matches at least part of any entry in the user specific dictionary.04-07-2011
20110078776Secure digital credential sharing arrangement - A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.03-31-2011
20110072498TEARING AND CONFORMAL TRANSFORMATION HUMAN INTERACTIVE PROOF - The HIP creation technique described herein pertains to a technique for creating a human interactive proof (HIP) by applying tearing and/or a conformal transformation to a string of characters while maintaining readability of text. In one embodiment, the technique tears a character string into two or more pieces and applies conformal transformation to warp the pieces in order to create a HIP. The transformation changes the shape and orientation of the characters but preserves angles of the characters which makes it easy for humans to recognize the characters after the transformation. Other embodiments of the technique create HIPs by applying tearing only to a string of characters, or by applying conformal transformation only to the character string.03-24-2011
20130160097METHODS, APPARATUS, AND COMPUTER PROGRAM PRODUCTS FOR SUBSCRIBER AUTHENTICATION AND TEMPORARY CODE GENERATION - A mechanism is provided for providing temporary generated codes by a server. Responsive to triplet authentication of a device to a service provider network, a server receives an initial code from the device to request a temporary generated code. The server verifies the triplet authentication of the device. The server determines whether there is a user account match to the initial code. The server determines a corresponding application server based on the initial code and the user account match. The server generates a temporary generated code to access the application server. The temporary generated code is transmitted to both the application server and the communication device, is set to expire at a preset time, is generated to allow the user access to a single session on the application server, and is generated to expire after the temporary generated code is input to access the single session on the application server.06-20-2013
20130160098FAMILIAR DYNAMIC HUMAN CHALLENGE RESPONSE TEST CONTENT - Embodiments of the invention are directed to human challenge response test delivery systems and methods. Specifically, embodiments of the present invention are directed to secure human challenge response test delivery services of configurable difficulty for user devices. One embodiment of the present invention is directed to methods and systems for implementing a familiar and dynamic human challenge response test challenge repository created from transaction data. The dynamic human challenge response test challenge repository may be created by a server computer receiving a plurality of transaction data. Challenge items may be extracted from the transaction data using an extraction algorithm. Furthermore, in some embodiments a challenge message may be sent to a requestor, a verification request may be received, and the verification request may be compared to the challenge message. Another embodiment may be directed at using user information in a human challenge response test to mutually authenticate a user and a service provider.06-20-2013
20110041166Method of Password Assignment - A method is provided in which a user registers a Session Initiation Protocol (SIP) address with a server that uses digest access authentication. If the user has another address already registered with the server, the server requests the user name and password for the existing address. The user enters the user name and password into a client application. The client application transmits the user name and password to the registration server as clear text over an encrypted channel. The registration server generates a digest from the received user name and password and compares the generated digest with the digest stored on the registration server for the existing address in order to determine whether the user submitted a valid user name and password. If the generated and stored digests match, the registration server sets the password for the existing email account of the user as the password for the new email.02-17-2011
20110035791Method for Device Insertion Into a Community of Network Devices - A method for performing at least one evolution operation in a dynamic, evolutive community of devices in a network comprising at least a first device. The method comprises a step of sending at least one message over the network from the first device to a second device, wherein the first device continues the method without acknowledgement of the at least one message from the second device. The method is suitable for execution on clockless devices. A device for performing the method is also claimed.02-10-2011
20110154457AUTHENTICATING METHOD, CONVERSION DEVICE, AND RELAY DEVICE - A conversion device receives service data including first connection destination data and the authentication information about an authenticated user, generates second connection destination data for designation of the first connection destination data, then associates the authentication information, the first and second connection destination data with one another, transmits them to a relay device, and transmits to a client the service data in which the first connection destination data is replaced with the second connection destination data; the client transmits the second connection destination data selected by the user to the relay device; the relay device transmits the authentication information to a server indicated by the first connection destination data using the authentication information and the first connection destination data corresponding to the second connection destination data, and transmits the address of the server to the client; and the client communicates with the server using the address and the authentication information.06-23-2011
20100088752Identifier Binding for Automated Web Processing - A process for the automatic handling of requests has a first step of receiving a session request, which results in the issuance of a session token. Upon receipt of a content transfer message accompanied by the previously issued session token, a routing tuple identifying a sender, receiver, and type, the content transfer message also containing content to be transferred, the routing tuple is compared to entries in a process table which resolves into an action and destination. The action and destination associated with the routing tuple and request type are performed if a match is found, or a default action is taken if no match is found, such as placing the content in a user INBOX for future handling. Additionally, the later actions the user takes on the INBOX are examined, and new entries are created in the process table based on the user actions.04-08-2010
20100064357Business Processing System Combining Human Workflow, Distributed Events, And Automated Processes - Techniques are provided for designing, deploying, and executing mashups that integrate human workflows with automated processes. In an example embodiment, a system for executing mashups comprises a human interaction module, an event manager module, and a process orchestration module. The human interaction module is configured to receive user input while a human workflow included in a mashup is being executed, and to raise an event in response to the user input. The event manager module is configured to: receive the event from the human interaction module; based on the event, identify a particular automated process from one or more automated processes that are included in the mashup; and invoke the process orchestration module to execute the particular automated process based on the event. The process orchestration module is configured to execute the particular automated process in response to being invoked by the event manager module.03-11-2010
20120204245SECURE AUTHENTICATION USING ONE-TIME PASSWORDS - Embodiments of the invention facilitate the use of a contactless memory token to automate log-on procedures to a remote access server using dynamic one-time passwords (OTPs). A series of workflow steps establishes the identity of the user and charges a token with a number of dynamic OTPs that can be subsequently verified using, for example, a Radius server sitting behind a VPN or SSL/VPN server.08-09-2012
20100005518ASSIGNING ACCESS PRIVILEGES IN A SOCIAL NETWORK - A system and method of assigning access privileges in a social network includes a first step (01-07-2010
20090320107SECURE PASSWORD RESET FOR APPLICATION - A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account. Access is granted upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is no security hold on the access account. The method includes granting access which is limited to permitting changing of the access password and prompting a change of the access password upon receipt of a login request when the login password matches the access password and the access password is a temporary password.12-24-2009
20110258687System and Method for Providing a Secure Connection between Networked Computers - Embodiments disclosed herein provide a system, method, and computer program product for establishing a secure network connection between a client and a server. The client may send a connection request over a public network to the server. The server may prepare a response containing a controller and session-specific credentials. The controller may be selected to configure a tunneling protocol on the client. After being downloaded to the client, the controller configures the tunneling protocol and establishes a secure network connection with the server without user intervention. The session-specific credentials are valid until the secure network connection between the client and the server is severed.10-20-2011
20110258686Alias Management and Value Transfer Claim Processing - An alias management and value transfer claim processing system is disclosed. A sending entity initiates value transfer identifying a recipient entity using an alias that is unregistered with the system. The value transfer is authorized, but not settled until the recipient entity registers with the system and claims the value transfer. The registered alias can be used for subsequent value transfers.10-20-2011
20080320572EMERGENCY RESPONDER CREDENTIALING SYSTEM AND METHOD - A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system provides trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, and licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.12-25-2008
20080320570INFORMATION PROCESSING APPARATUS - According to one embodiment, an information processing apparatus includes a wireless communication unit which receives and transmits a voice call wireless signal with a base station, an acceptance unit which accepts instructions related to a privacy protection operation using the voice call wireless signal received by the wireless communication unit, and a control unit which controls the privacy protection operation in accordance with the instructions accepted by the acceptance unit.12-25-2008
20110179473METHOD AND APPARATUS FOR SECURE COMMUNICATION BETWEEN MOBILE DEVICES - Methods and apparatuses for secure communication are provided. The secure communication method includes receiving a first credential of a remote device; receiving first authentication information of the remote device; storing a user record including the first credential and the first authentication information; and evaluating a security level of the received first authentication information.07-21-2011
20090125992SYSTEM AND METHOD FOR ESTABLISHING SECURITY CREDENTIALS USING SMS - The present invention provides a system and method for establishing security credentials for using an Internet or other network application requiring user authentication. In an exemplary embodiment, a user electronic device may connect to an application server to initiate use of the application. The application server may respond by transmitting to the user electronic device session identification information (a Session ID). The user electronic device may then transmit an SMS message containing the Session ID back to the application server, which permits the application server to link to the user electronic device. The application server may generate for the user encrypted security credentials and transmit an encryption key for them to the user electronic device in a response SMS message. In a separate message, the security credentials are transmitted to the user. In this manner, only the legitimate user electronic device has both the encryption key and the encrypted security credentials. The user electronic device may then decrypt the security credentials using the encryption key, and use the security credentials to access the network application.05-14-2009
20090125996VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to a user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service.05-14-2009
20080313720System, Device and Method for Conducting Secure Economic Transactions - An identification verification device includes an input operable to receive an identification verification query relayed by an account hosting entity. The identification verification query includes a temporary code received from a user. A comparator is coupled to the input and is operable to compare the received temporary code with a verification code. An output transmits to the account hosting entity one of an authorized and a not authorized response that is based upon the comparison.12-18-2008
20080313721ACCESS CONTROL OF INTERACTION CONTEXT OF APPLICATION - A method of controlling access to an interaction context of a multi-user application includes receiving and tracking over time login requests pertaining to one of a plurality of user accounts of a virtual application instance of the multi-user application, each login request including a login password and each user account including a user password. A login request for the user account is rejected when the login password fails to match the user password of the user account. Access to the user account is denied when a consecutive number of times a login request for the user account is rejected reaches a selected limit. The user is prompted to change the user password of the user account and given limited access to the user account to do so when the user password is a permanent password and a cumulative number of rejected login requests for the user account reaches a selected threshold.12-18-2008
20100313251Method and Apparatus for Coordinating a Change in Service Provider Between a Client and a Server with Identity Based Service Access Management - A method of configuring a network access device connected to an access network connected to a plurality of service networks, the network device having a first network address allocated to a subscriber of services of a first service provider provided by a first service network, with a new network address allocated to a second subscriber of services of either the first service provider, or a second service provider provided by a second service network. The method comprises the steps of: sending a request from the network access device to the access network with user credentials for the second subscriber requesting access to the first service provider or a change to the second service provider; receiving a response from the access network; and initiating a network address change request using a configuration protocol. In this manner, a second network address allocated to the second subscriber of services of either the first or second service providers is assigned to the network access device to enable the network access device to communicate data packets to the service network providing the selected service.12-09-2010
20110055910USER-CENTRIC INTERCEPTION - The present invention relates to methods and arrangement for user-centric interception in a telecommunication system wherein correlated identities are federated in an Identity Management Controller. The method comprises: Sending from an Intercept Unit to the Identity Management Controller, a request for identities correlated with a specified key target identity. The Intercept Unit receives identities federated to the specified key target identity. The received identities are utilized for user-centric interception purposes.03-03-2011
20110055909METHODS, APPARATUS, AND COMPUTER PROGRAM PRODUCTS FOR SUBSCRIBER AUTHENTICATION AND TEMPORARY CODE GENERATION - Method, apparatus, and computer products are provided for providing temporary generated codes by a server. Responsive to triplet authentication of a device to a service provider network, a server receives an initial code from the device to request a temporary generated code. The server verifies the triplet authentication of the device. The server determines whether there is a user account match to the initial code. The server determines a corresponding application server based on the initial code and the user account match. The server generates a temporary generated code to access the application server. The temporary generated code is transmitted to both the application server and the communication device, is set to expire at a preset time, is generated to allow the user access to a single session on the application server, and is generated to expire after the temporary generated code is input to access the single session on the application server.03-03-2011
20090125993METHOD FOR PROTECTING AGAINST KEYLOGGING OF USER INFORMATION VIA AN ALTERNATIVE INPUT DEVICE - A method for protecting against keylogging, the method includes: detecting from a host browser application, a request for a password input by a user of an alphanumeric input device in an entry field of a transaction; inserting a temporary indicator password in the entry field; sending an identifier of the host application with the temporary indicator password to an alternative device; retrieving a user assigned password stored in a table in the alternative device in response to matching the identifier of the host application and the temporary indicator password; sending the user assigned password to the host application; inserting the user assigned password in place of the temporary indicator password in the entry field; and sending the transaction to a server for verification and further processing.05-14-2009
20100325708SYSTEM AND METHOD FOR PROVIDING A MULTI-CREDENTIAL AUTHENTICATION PROTOCOL - A system and method for providing secure communications between remote computing devices and servers. A network device sends characteristics of a client computing device over the network. A network device receives characteristics of a client computing device over the network. A plurality of credentials are generated where at least one of the plurality of credentials based on both the received characteristics of the client computing device and a unique client key, and at least one of the plurality of credentials based on both the received characteristics of the client computing device and a generic key. A network device sends the plurality of credentials over the network. A network device receives the plurality of credentials via the network.12-23-2010
20110010763TOOL AND METHOD FOR GENERATING PASSWORDS - A grid is provided for creating secure and confidential passwords for use in sign-in procedures on electronic user accounts. The tool includes a grid having multiple rows and columns defining cells, with each cell having randomly assigned keyboard characters, such as letters, numbers, and symbols. A user creates a password by selecting a starting cell, and progressing in a user-selected pattern through a pre-selected number of cells. Multiple unique grids may be provided in hard copy or digital form for use in creating multiple passwords which may be created using the same or different starting cells and/or patterns.01-13-2011
20110016515REALTIME MULTICHANNEL WEB PASSWORD RESET - The need for realtime password resetting is provided for by using a converged HTTP/SIP container. The container allows interaction between the different protocols of HTTP and SIP. When a user needs to reset a password that would normally require sending a new temporary password through the mail, the user can be appropriately authenticated and provided with a temporary key. After a temporary key is created and sent electronically to the user via the computer system which initiated the request, a telephony application calls the user. The user is prompted for authentication information and then enters the temporary key. The temporary key entered is compared with the temporary key created, and if matched, the user can reset the password in realtime.01-20-2011
20110167485SYSTEM AND METHOD FOR TOY ADOPTION AND MARKETING - Provided are a method and computer system that provide a virtual world. A server of the computer system includes a storage subsystem that stores two or more items of different personalized information about multiple different users, including different user identifications and passwords associated with the user identifications respectively representing the users. The server computer system is programmed to accept login credentials including a user identification and password and validate the login credentials. The server computer system is also programmed to control formation of a first user account and storage of the first user identification and first password. The storage subsystem stores information about registration codes that have not yet been entered. Further, the server computer system is programmed to accept entry of one or more of the registration codes that have not yet been entered and, based on entry of the registration codes, to associate stored information indicative of the one registration code with the first user identification.07-07-2011
20130198821Account Management for Multiple Network Sites - Disclosed are various embodiments for account management for multiple network sites. Multiple accounts of a user are maintained for multiple network sites in a computing device. A secured resource of a network site is to be accessed by the computing device. A new account is created, or an existing account is upgraded, in response to determining that the accounts are not capable of accessing the secured resource. A set of information about the user is provided to the network site to create, or upgrade, the account.08-01-2013
20110078777Computer-readable recording medium recording remote control program, portable terminal device and gateway device - A computer-readable recording medium which records a remote control program for allowing data on a network protected by a gateway device to be transferred to an external device by external remote-control operations; a portable terminal device; and a gateway device. The terminal device transmits to the gateway device an access ticket issue request. The gateway device generates key information and transmits to the terminal device an access ticket including the key information. The terminal device transfers to a data acquisition device a data acquisition instruction including the acquired access ticket. The acquisition device transmits to the gateway device a data request including the key information. When the key information added to the access ticket and the key information included in the data request are the same, the gateway device transfers the data request to a data server device. The server device transfers the data to the acquisition device.03-31-2011
20120311684SYSTEMS AND METHODS FOR REGISTERING A USER ACROSS MULTIPLE WEBSITES - Various embodiments provide systems for registering a user with one or more websites. Such systems comprise at least one processor configured to: receive an IP address for a computing device being used by the user; and after receiving the IP address: (1) obtain a location associated with the IP address; and (2) identify whether the user is in a jurisdiction that permits the user to register with a website. The systems may then receive one or more parameters obtained from the user, upon which the systems verify an age of the user; determine which of the one or more types of transaction activities the user is permitted to conduct; query one or more registration attempts over a predetermined previous time period to identify duplicate or similar parameters; and verify the user's identity based at least on one of the one or more parameters. Associated methods are also provided.12-06-2012
20120311683NETWORK SECURITY PARAMETER GENERATION AND DISTRIBUTION - Disclosed are various embodiments for facilitating network security parameter distribution and generation in a converged network incorporating multiple heterogeneous link layer networking technologies. Embodiments are provided for connecting network devices through multiple heterogeneous link layer networking technologies using a converged network password. Embodiments are provided for connecting network devices through multiple heterogeneous link layer networking technologies using a pairing event protocol, such as, for example, a push button protocol.12-06-2012
20100205661METHOD OF ESTABLISHING PROTECTED ELECTRONIC COMMUNICATION BETWEEN VARIOUS ELECTRONIC DEVICES, ESPECIALLY BETWEEN ELECTRONIC DEVICES OF ELECTRONIC SERVICE PROVIDERS AND ELECTRONIC DEVICES OF USERS OF ELECTRONIC SERVICE - A method of establishing protected electronic communication between various electronic devices equips users beforehand with a personal electronic identity gadget bearing no information about the user identity. Only at the first connection of the blank personal gadget to the electronic devices of an arbitrary electronic service provider, and/or to local electronic devices, the personal electronic identity gadget and the electronic devices and/or the local electronic devices mutually generate a verifiable electronic identity, which is stored in the personal electronic identity gadget and in the electronic devices and/or local electronic devices, for the needs of further mutual electronic communication, separately from other identities and without the knowledge of personal data about the user. Consequently only the generated and stored information is utilized for verification of the identity at every subsequent connection of the user to the electronic devices of the given electronic service provider and/or to the local electronic devices.08-12-2010
20100180327SECURE REMOTE AUTHENTICATION THROUGH AN UNTRUSTED NETWORK - A method for securely authenticating a user of a portable consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the portable consumer device from the access device. Next, the portable consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the portable consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.07-15-2010
20100180328AUTHENTICATION SYSTEM AND METHOD - An authentication system and method are provided, the method comprising: storing a user identification code associated with said user, generating a plurality of functions for producing a pass code based on at least one input by a user, said at least one input comprising said user identification code, storing at least one function and associating said function with a user, generating an application adapted to implement said at least one function on the user device, supplying the application to said user device, generating a transaction code associated with said transaction and supplying the transaction code to said application; and receiving a pass code for said transaction from the user device and authenticating the transaction on the basis of the received pass code, the function associated with said user, the user identification code and the transaction code associated with said transaction.07-15-2010
20100180326SECURE REMOTE AUTHENTICATION THROUGH AN UNTRUSTED NETWORK - A method for securely authenticating a user of a consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the consumer device from the access device. Next, the consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.07-15-2010
20100122328METHOD, HARDWARE PRODUCT, AND COMPUTER PROGRAM PRODUCT FOR OPTIMIZING SECURITY IN THE CONTEXT OF CREDENTIAL TRANSFORMATION SERVICES - Security is optimized in the context of a credential transformation service (CTS) by utilizing a web services client runtime to gather information for determining whether or not a target web service is hosted in a security domain used by a client application and for determining whether or not the target web service uses an authentication mechanism substantially identical to that used by the client application. The gathered information is carried in an endpoint reference (EPR) of the target web service. In response to the client receiving the EPR, the client applies an optimization process to eliminate a possible unnecessary invocation of the CTS, wherein the target web service is an authoritative manageable resource having minimal or no responsibility for providing its identity, and having minimal or no responsibility for advertising any creation and destruction lifecycle related events.05-13-2010
20100122331SINGLE USE WEB BASED PASSWORDS - Embodiments are directed towards employing a plurality of single use passwords to provide phishing detection and user authentication. A user receives a plurality of single use passwords that expire within a defined time period after having been sent to a registered device. During a login attempt, the user enters a user name and a requested one of the passwords, which once entered expires. If valid, the user then enters a portion of another password to complete a displayed portion of a password, and a specified other one of the passwords. If the displayed portion of the other passwords does not match any portion of one of the passwords, then the user may detect a phishing attempt and terminate the login. If the user correctly enters the password data, the user may then access secured data. Each new login request requires a different set of passwords to be used.05-13-2010
20090300742IDENTITY SELECTOR FOR USE WITH A USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - An identity selector manages the identity requirements of an online interaction between a user and a service provider environment. The identity selector is adapted for interoperable use with a user-portable computing device. The user device enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The identity selector includes an agent module that facilitates communication with the user device. The identity selector imports the user identities from the user device and determines which user identities satisfy a security policy of a relying party. After the user selects one of the eligible user identities, the identity selector generates a token request based on the selected identity and forwards it to the user device, which in response issues a security token. The security token is returned to the identity selector and used to facilitate the authentication process.12-03-2009
20090300741GRANTING SERVER/WORKSTATION ACCESS USING A TELEPHONE SYSTEM - A method of granting access to a computing system includes: receiving a connection request from a remote computing system; generating a first message indicating a session identification number and an access number; receiving the session identification number from a telephone system; performing a verification of the session identification number; and granting access to the computing system based on the verification of the session identification number.12-03-2009
20090300740PROACTIVE CREDENTIAL CACHING - In wireless networking, such as per the IEEE 802.11 standard, a technique automatically republishes an authentication credential to a global credential repository. A station can have a first credential, as is created when the station connects to a first access node of a wireless network. Upon trying and failing to connect to a second access node of the wireless network, the station can have a second credential created and published to the global credential repository. In some situations, the station then roams back to the first access node using the first credential. Efficiently, when the station uses the first credential at the first access node, the first credential can be automatically republished as a global credential. The automatic republishing of the first credential can ensure that the station is able to access the wireless network via various access nodes when roaming.12-03-2009
20090300738Authentication Methods and Systems - A method of generating an authentication token using a cryptographic based application downloaded to a mobile telephony device and a method of authenticating an online transaction using such a token. The method may be employed in a two factor authentication method utilising a user password and an authentication token. The method allows a two factor authentication method to be provided by a wide range of mobile telephony devices operating either online or offline. Other authentication systems and methods of authentication are also disclosed.12-03-2009
20090293109SYSTEM AND METHOD FOR REFLECTING INFORMATION FROM PARTICIPANTS - An approach is provided for a method including initiating an information distribution session based on instructions from a first participant of a plurality of participants. The method also includes assigning access information and a passcode to the information distribution session, receiving posting information sent from two or more active participants of the plurality of participants using the access information with the passcode, and transmitting to the active participants the posting information of other active participants.11-26-2009
20090293108Method and System for User Management of Authentication Tokens - A computer implemented method, a computer program product, and a data processing system manage a set of federated log-in authentications at secure web sites. A client logs into a security context using a first alias from a list of existing federated single sign-on authentication aliases associated with an account. Responsive to logging into the security context, the client can receive the list of existing federated single sign-on authentication aliases. The client can then manage the list of authentication aliases.11-26-2009
20100180325SYSTEM AND METHOD FOR PROVIDING A NORMALIZED SECURITY LIST - A system and method for providing a normalized security list including a first module configured to generate a first normalized security list of user identifications within a network and a second module configured to generate a second normalized security list of user identifications within the network. The system and method may also include an equalizer module configured to compare the first normalized security list with the second normalized security list, equalize the first normalized security list based on the second normalized security list, and equalize the second normalized security list based on the first security list. The system and method may also include a processing module configured to perform an audit of user identifications within the network by processing the first equalized normalized security list and the second equalized normalized security list and generating audit results based on the processing.07-15-2010
20110265161MODIFYING A USER ACCOUNT DURING AN AUTHENTICATION PROCESS - Techniques are described for repairing some types of user account problems that interfere with granting a user access to a computer system and doing so during a process to authenticate the user in a way that does not require the user to re-enter authentication information or require the user to restart a communication session with the computer system. In response to a determination that a user's account has a problem during an authentication process, techniques are provided to enable a user to execute an appropriate process or processes to fix the user account, after which the authentication process continues. In this way, the correction to the user account may appear to be seamless to the user.10-27-2011
20110265159System and Methods for Online Authentication - A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.10-27-2011
20110265157ONE STEP SECURITY SYSTEM IN A NETWORK STORAGE SYSTEM - This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other device before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.10-27-2011
20110265158METHOD AND APPARATUS FOR ENABLING MACHINE TO MACHINE COMMUNICATION - A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning an M2ME are also disclosed. The validation procedures disclosed include autonomous, semi-autonomous, and remote validation. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.10-27-2011
20100031332SECURE ACCESS - Secure access to a resource is provided by receiving a user request associated with a username for access for a resource and checking the username associated with the request against a reference username associated with the user. The reference username is linked to a second username associated with the user. If the received username matches the reference username, the request is modified by replacing the received username with the second username, and the modified request is forwarded towards the resource. A new username can be recorded upon receiving a request for the user. In response to the received request, the new username is recorded at a reference location linked to the location of the second username.02-04-2010
20100031331Remote Access Method - All operations available on an intranet are securely performed from an outside of the intranet without taking out a file on the intranet from the intranet. A file on the intranet is not taken out, but, instead of this, image information on a target computer 02-04-2010
20100024015SYSTEM AND METHOD FOR SIMPLIFIED LOGIN USING AN IDENTITY MANAGER - A system and method for simplifying a login process makes use of a set of bookmarks that can be used to playback a series of actions and provide a stored username and password to a website or webservice. A user can access a bookmark manager component of the system and an identity manager component of the system either locally or remotely and have the two components act independently of each other but in communication to store the bookmarking and identity information.01-28-2010
20100024014HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT - Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an association token. The association token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the association token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests.01-28-2010
20110219437AUTHENTICATION INFORMATION CHANGE FACILITY - A system, method, and computer program product are provided to facilitate changing authentication information in an environment having two or more configuration items. Establishing a connection between the configuration items may require matching authentication information corresponding to the first configuration item with authentication information transmitted from the second configuration item. The system may include a repository storing at least one predetermined attribute corresponding to a configuration item, and a relation between the configuration item and another configuration item. The attribute and/or the relation may be updated by discovery that detects information regarding configuration items. In response to a request to change authentication information corresponding to the first configuration item, and based on the relation, an identification unit may identify a second configuration item influenced by the change. An instruction unit may initiate a change of authentication information transmitted from the second configuration item.09-08-2011
20120042364PASSWORD PROTECTION TECHNIQUES USING FALSE PASSWORDS - A password manager may receive a password, and a false password generator may generate at least one false password, based on the password. A false password selector may store the at least one false password together with the password. A password handler may receive a login attempt that includes the at least one false password, and an attack detector may determine that the login attempt is potentially unauthorized, based on the receipt of the at least one false password.02-16-2012
20090172793SYSTEMS AND METHODS FOR DELEGATING ACCESS TO ONLINE ACCOUNTS - Computer-implemented methods for delegating access to online accounts and for facilitating delegates' access to these online accounts are disclosed. In one embodiment, a method for delegating access to an online account comprises receiving a request to delegate access to a first online account to a first delegate, identifying the first online account, identifying a contact record for the first delegate, and delegating access to the first online account to the first delegate by associating the contact record for the first delegate with the first online account. Corresponding systems and computer-readable media are also disclosed.07-02-2009
20090089866ACCESS AUTHORIZATION SYSTEM, ACCESS CONTROL SERVER, AND BUSINESS PROCESS EXECUTION SYSTEM - An access authorization system is provided, which can reduce the user wait time until the provision of a user-requested service. The access authorization system of the present invention specifies the next service to be provided to a UT (a client-side communication device) after the service currently being provided to the UT, and then executes a process to make an authorization decision in advance regarding the next service with respect to the user of the UT, before the UT requests the next service.04-02-2009
20120060208METHOD AND APPARATUS FOR CONNECTING TO ONLINE SERVICE - A method of connecting to an online service where a terminal transmits information regarding a selected online service and first authentication information to an external device, receives second authentication information detected based on the transmitted information, from the external device, and is then logged into the selected online service based on the received second authentication information.03-08-2012
20110173686IMAGE FORMING APPARATUS, AUTHENTICATION INFORMATION MANAGING SYSTEM, AUTHENTICATION INFORMATION MANAGING METHOD, AND AUTHENTICATION INFORMATION MANAGING PROGRAM - An image forming apparatus communicates with an authenticating server which stores user information for identifying a user and authentication information included in a storing medium. An authentication requesting unit transmits the user information input to the image forming apparatus to the authenticating server to authenticate the user. An authentication result obtaining unit obtains the user authentication result from the authenticating server. A display unit displays a registering mode for registering the authentication information corresponding to the input user information and a deleting mode for deleting the authentication information corresponding to the input user information so that the modes can be selected according to the obtained authentication result. When the deleting mode has been selected, the authentication information deletion instructing unit instructs the authenticating server to delete one or a plurality of authentication information corresponding to the user information in response to a deleting instruction by the user.07-14-2011
20120210405SYSTEM AND METHODS FOR UNIVERSAL PASSWORD CONTROL - A system and method is described for controlling the password(s) of one or more programs through a universal program. The universal control program allows access to one or more other programs and allows editing of the passwords of the other programs directly through the universal access program.08-16-2012
20120210408VERIFICATION METHOD AND SYSTEM THEREOF - The invention discloses an authenticating method and a system thereof, which relates to the information security field and solves the problem that user information is not safe during the transaction process. The embodiment of the invention comprises that the server side receives user data information and a first dynamic password sent from the user side; the server side generates the first authenticating dynamic password according to the user data information; the server side verifies the first dynamic password according to the first authenticating dynamic password and generates the second authenticating dynamic password after successful verification; the server side sends the second authenticating dynamic password or the first password to the user side; the server side executes the transaction data in the user data information or permits the user to log on after using a third authenticating dynamic password generated by the server side to successfully verify the user data information or the third dynamic password sent from the user side. The invention enhances the safety of transactions for the user and prevents the user from loss caused by logging on to a phishing website.08-16-2012
20120210404Seamless Wi-Fi Subscription Remediation - The exemplary embodiments include a method to perform, based on at least one of hypertext transport protocol and non-hypertext transport protocol traffic tests failing, sending a hypertext transport protocol message to a subscription remediation server URI that carries a package1 message, receiving a hypertext transport protocol response from the subscription remediation server with a package2 message, and automatically replacing a password with a new value, automatically initiating creation of a new client certificate, or launching a browser to a URI provided in the response to enable user intervention. In addition, to receive an access request from a device, determining whether credentials are valid, and if the credentials are determined valid, sending an access-accept message with a success indication, and if the credentials are determined not valid, sending an access-accept message with a success indication and an indication that access by the device is limited to only a subscription remediation server.08-16-2012
20120047563AUTHENTICATION - An arrangement for authenticating a transaction between a user's mobile device and an entity such as a corporate server is disclosed. The user's universal integrated circuit card (UICC) is adapted to generate a time-dependent authentication code which is dependent on a time value and which is usable to authenticate the transaction only during a predetermined period. A time verification processor verifies a time value to ensure that the time-dependent authentication code was generated based on the correct time value. The time value is based on the UTC time obtained from UTC clock. The verified time is used to generate a “one-time” password (authentication code) by the authentication code calculator of the UICC. This is used to authenticate a transaction with the corporate network.02-23-2012
20120047564SECURITY SYSTEM AND METHOD - A method of operating a security system includes accessing a database and obtaining a user PIN. A normal keypad is defined in which a plurality of alphanumeric characters are displayed in defined normal positions. A scrambled keypad is also defined including the PIN so that at least some of a plurality of alphanumeric characters are displayed on the scrambled keypad in positions which are different to the positions in which they would be displayed in the defined normal keypad. In addition, for each of the alphanumeric characters of the PIN, the alphanumeric character which is normally displayed in the normal keypad in the position in which the alphanumeric characters of the PIN are displayed in the scrambled keypad is determined, thereby to arrive at a scrambled PIN. Data defining the scrambled keypad is then transmitted to a user over a first communications network.02-23-2012
20090172792APPARATUS, SYSTEM, AND METHOD FOR ASYNCHRONOUS JAVA SCRIPT AND XML (AJAX) FORM-BASED AUTHENTICATION USING JAVA 2 PLATFORM ENTERPRISE EDITION (J2EE) - An apparatus, system, and method are disclosed for Asynchronous Java Script and XML (AJAX) form-based authentication using Java 2 Platform Enterprise Edition (J2EE). The apparatus for AJAX form-based authentication using J2EE is provided with a plurality of modules configured to functionally execute the necessary steps for redirecting an AJAX client request to an authentication required servlet, issuing an AJAX response to the client, authenticating the user security credentials, and processing the client request for secure data. In addition, a method of the present invention is also presented for programming Asynchronous Java Script and XML (AJAX) form-based authentication that avoids a page change using Java 2 Platform Enterprise Edition (J2EE).07-02-2009
20120210407ENABLING AUTHENTICATION OF OpenID USER WHEN REQUESTED IDENTITY PROVIDER IS UNAVAILABLE - A method and computer program product for enabling authentication of an OpenID user when a requested identity provider is unavailable. A relying party receives a login request from the OpenID user, where the login request includes a username. The relying party reads a list of trusted identity providers that are associated with the received username and selects one of those identity providers. The relying party generates an OpenID identifier using an identification (e.g., Uniform Resource Locator) of the selected identity provider and the username. The relying party transmits an authentication request (a request to authenticate the OpenID user) to the selected identity provider using the formed OpenID identifier. If the selected identity provider is unavailable, then the relying party selects another identity provider from the list of identity providers that are associated with the received username and repeats the above process.08-16-2012
20120005734USER AUTHENTICATION METHOD AND USER AUTHENTICATION SYSTEM - A system for registering a password derivation pattern for deriving a password to be used in user verification includes a terminal device and a server. The terminal device is configured to display a presentation pattern, the presentation pattern including a plurality of elements, each of the plurality of elements being assigned predetermined characters, so as to cause the user to input a character assigned to a specific element with respect to the presentation pattern. The server is connected with the terminal device via a communication channel. The server is configured to repeat the process of displaying a new presentation pattern until the password derivation pattern is specified based on the characters input by the user. The server is configured to store the specified password derivation pattern.01-05-2012
20120005733VERIFICATION ENGINE FOR USER AUTHENTICATION - Computer-implemented system and methods for authenticating the identity of a person, for example a customer (01-05-2012
20110167484APPARATUS AND METHOD FOR INTEGRATING AUTHENTICATION PROTOCOLS IN THE ESTABLISHMENT OF CONNECTIONS BETWEEN COMPUTING DEVICES - An apparatus and method for integrating authentication protocols in the establishment of connections between a controlled-access first computing device and at least one second computing device. In one embodiment, network access user authentication data needed to access the at least one second computing device is transmitted to an authentication server automatically if the user has access to use the first computing device, thereby not requiring the user to manually enter the authentication data needed for such access at the first computing device. The network access user authentication data may be, for example, retrieved from a memory store of the first computing device and/or generated in accordance with an authentication data generating algorithm.07-07-2011
20110167483ROLE-BASED ACCESS CONTROL UTILIZING TOKEN PROFILES HAVING PREDEFINED ROLES - A method and system for managing role-based access control of token data using token profiles having predefined roles is described.07-07-2011
20120210403Mobile communications device-operated electronic access system - A mobile communications device is disclosed for use in an electronic access system for communicating with a central server for processing at least access authorization for an application running on the server. In at least one embodiment, an optical identification signal in the form of a barcode or a photographic recording of the user is captured on the mobile communications device in the form of an identification code and sent together with the mobile number to the server for further processing. The access authorization of the user for the respective application can therefore be verified on the central server. At least one embodiment relates in particular to medical and healthcare-related applications.08-16-2012
20120023560INFORMATION PROCESSING APPARATUS - An information processing apparatus includes: a memory that stores, for each of a plurality of items that can be described in extensions included in a certificate signing request, item names and item contents, associating each of the item names with a respective one of the item contents; an acquiring unit that acquires specific information; a preparation unit that makes out a specific certificate signing request including specific extensions in which a specific item name and a specific item content are described, according to a condition for making out specific extensions which is determined in response to a user's instruction, by acquiring the specific item name and the specific item content from the memory and using the acquired specific information, specific item name and specific item content; and an output unit that outputs the specific certificate signing request to an outside.01-26-2012
20120023559TELECOMMUNICATION METHOD, COMPUTER PROGRAM PRODUCT AND COMPUTER SYSTEM - The invention relates to a telecommunication method having the following steps: 01-26-2012
20120023558SYSTEMS AND METHODS FOR AN EXTENSIBLE AUTHENTICATION FRAMEWORK - The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials. The flexible, configurable and extendable authentication framework supports a wide variety of authentication schemes and supports third party, proprietary and customized authentication schemes.01-26-2012
20120066749METHOD AND COMPUTER PROGRAM FOR GENERATION AND VERIFICATION OF OTP BETWEEN SERVER AND MOBILE DEVICE USING MULTIPLE CHANNELS - A method and computer program for generation and multi-channel verification of an OTP (One Time Password) between two parties consisting of a service provider and a user, wherein said user has access to at least two communication channels, and wherein said user is logging into said service provider with a user ID via one communication channel and the service provider has the ability to communicate with an authentication server which in turn has the ability to communicate with said user via at least one communication channel other than the one used with the service provider.03-15-2012
20120159586METHOD AND APPARATUS FOR IMPLEMENTING SECURITY MEASURES ON NETWORK DEVICES - A method for providing security measures on a network device, such as a router, is disclosed. In one embodiment, a method includes receiving a request for a network resource. The method further includes determining a classification of the request, and generating, based on the determined classification of the request, a security measure corresponding to the determined classification of the request for authentication of the request. The method also includes permitting access to the network resource when a correct response is received to the security measure corresponding to the determined classification of the request.06-21-2012
20120210406FORMING CREDENTIALS - Techniques are disclosed for issuing inoperative credentials, and making the inoperative credential operative at a subsequent point in time. For example, a method of forming a credential comprises the step of forming, at a first point in time, an inoperative credential. The inoperative credential is adapted to become operative, at a second point in time, to form an operative credential. The second point in time occurs after the first point in time.08-16-2012
20120159589DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.06-21-2012
20120159588DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.06-21-2012
20120159587METHOD AND SYSTEM FOR PRE-SHARED-KEY-BASED NETWORK SECURITY ACCESS CONTROL - A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and an Authentication Access Controller (AAC); 2) identity authentication and unicast key negotiation are implemented between the REQ and the AAC; 3) a group-cast key is notified between the REQ and the AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and the network.06-21-2012
20120072977Method and Apparatus for Securely Synchronizing Password Systems - A centralized password repository (CPR) provides network users with a password portal through which the user can manage password access to domains and applications on the network. A subset of the domains and applications on the network may be required, by design, to maintain a separate password infrastructure. For these systems, the CPR establishes a secure and authenticated communication channel and software on the system interfaces with the password infrastructure to synchronize the password in the system password infrastructure with the password in the CPR. For other systems not required to maintain a separate password infrastructure, the CPR performs password services by responding to requests from those systems seeking to validate user IDs and passwords. The CPR enables an administrator to modify network privileges and enables a user to alter passwords on the network through a single interface.03-22-2012
20120072976Dynamic Account Creation With Secured Hotspot Network - A secure network access point transmits a beacon transmission. A user device receiving it determines that it does not have the credentials necessary to attach to the secure network access point, and so a preliminary association is formed between the user device and the secure network access point. During the preliminary association, the user device receives or creates credentials necessary to associate with the secure network access point, forms an association with the secure network access point using the received or created credentials, and obtains internet connectivity via the secure network access point. In this embodiment there is only the secure network access point, but in another embodiment there is also a non-secure network access point which transmits a beacon using the same SSID as the secure network access point, and the preliminary association is with the non-secure network access point.03-22-2012
20120072975Circumstantial Authentication - An authentication system is provided. The authentication system comprises a first component configured to obtain information specific to an individual, a second component configured to dynamically formulate at least one challenge question based on the information, a third component configured to cause the at least one challenge question to be presented on a device when the device is used to perform an act that involves authentication, and a fourth component configured to judge authenticity based on an answer to the at least one challenge question.03-22-2012
20110072499METHOD OF IDENTITY AUTHENTICATION AND FRAUDULENT PHONE CALL VERIFICATION THAT UTILIZES AN IDENTIFICATION CODE OF A COMMUNICATION DEVICE AND A DYNAMIC PASSWORD - A method of identity authentication and fraudulent phone call verification uses an identification code of a communication device and a dynamic password. The “dynamic password” is directly sent to an Internet user via a dynamic web-page of a specific website instead of by means of a traditional telephone short message. Thus, the “dynamic password” cannot be copied from the spyware infected communication device of the Internet user. Furthermore, even if the “dynamic password” is intercepted or otherwise discovered by a hacker or intruder, authentication is still secure because the dynamic password must be sent back to the specific website via a short message or the like from the same communication device having the corresponding identification code that was initially input by the Internet user in order to generate the dynamic password.03-24-2011
20110107406SYSTEMS AND METHODS TO SECURE A VIRTUAL APPLIANCE - The present disclosure relates to systems and methods for providing secure support to virtual appliances delivered to customer sites without passwords or enabled ports for service. A virtual appliance may be established on a first device. The virtual appliance may comprise a self-contained virtual machine with a pre-installed operating system and may be established with no root password enabled and a remote access port disabled. An administration tool may receive from a requestor a request to enable maintenance for the virtual appliance. The administration tool may generate, responsive to the request, a random password. The administration tool may enable, responsive to the request, the remote access port. The virtual appliance may wait for a connection to the remote access port for a predetermined period of time. The administration tool may transmit the random password to a service of a second device remote to the first device.05-05-2011
20100095358Method and Base Station for Creating an Account in a Network Featuring a VoIP Protocol for DECT Mobile Parts - When registering a DECT mobile part (MT) with the base station (BS), the VoIP user ID (user) is formed from the DECT user ID (IPUI) according to a mapping rule and is used for registering an SIP account (SIPA). In addition, the SIP password (pw(AC)) is formed from the DECT authentication code (AC). Roaming or handover of DECT mobile parts (MT) in DECT systems featuring a VoIP connection can be accomplished in a simple manner by adjusting the DECT user ID (IPUI) to the SIP user ID (user (IPUI)) and adjusting the authentication code (AC) to the password (pw(AC)). The DECT mobile parts (MT) can continue to be used without change even when the same are connected to IP-oriented networks (IN), while said DECT mobile parts (MT) can be marketed for a wider range of uses.04-15-2010
20100095357Identity theft protection and notification system - An information monitoring and alert system is provided which registers subscribers and verifiers with a central alert system. The alert system provides an interface for the verifiers to submit queries relating to identification information. Information in this query is compared to the stored data submitted by the subscriber during registration and if a match occurs the subscriber is notified that the identification has been used for a certain purpose. The alert system only stores an encrypted value of the identification with only contact information which is preferably anonymous. Any other information is deleted after registration. The subscriber upon being alerted of the use of the identification is instructed to authorize or reject the transaction pertaining to the query.04-15-2010
20110099615SECURE FALLBACK NETWORK DEVICE - A network device and method may provide secure fallback operations. The device includes a port allowing the device to communicate with a network and a processor to generate a security credential, provide the security credential to a call manager during initialization, and provide the security credential to a secondary device during fallback operations. The network device may include a memory to store the security credential and routing information for fallback operations.04-28-2011
20110099614NETWORK SYSTEM, METHOD OF CONTROLLING ACCESS TO STORAGE DEVICE, ADMINISTRATION SERVER, STORAGE DEVICE, LOG-IN CONTROL METHOD, NETWORK BOOT SYSTEM, AND METHOD OF ACCESSING INDIVIDUAL STORAGE UNIT - A network boot system including one or more client terminals, a DHCP (Dynamic Host Configuration Protocol) server, a PXE (Preboot Execution Environment) server, a TFTP (Trivial File Transfer Protocol) server, a database administration server, one or more storage devices, and an authentication server (such as a RADIUS server) connected to each other via a TCP/IP (Transmission Control Protocol/Internet Protocol) network. A plurality of LUs provided in the storage devices are separated into a system area LU and a user area LU prepared per user.04-28-2011
20090133107Method and device of enabling a user of an internet application access to protected information - A method and a system are disclosed, of enabling a user of an Internet application to access protected information. An idea behind at least one embodiment of the invention is that a user identifier token is created, after a user has been authenticated by way of a logon mechanism of the Internet application. The user identifier token is then associated with the authenticated user and stored at an Internet client of the authenticated user. When protected information is to be made available for a requesting user, the concerned set of protected information is associated with the authenticated user and an information identifier token is created and associated with the protected information. The information identifier token is delivered to the authenticated user via e-mail. When a request is received from a requesting user, it is verified that the request comprises a user identifier token and an information identifier token, that there exists an association between these tokens and the previously authenticated user and the protected information, respectively, and that the requested protected information is associated with the authenticated user. If so, the requesting user is allowed to access the protected information.05-21-2009
20120124653Certificate Based Access Control in Open Mobile Alliance Device Management - A wireless communication device provides a method of certificate-based access control. Particularly, the device establishes a secure communications session with a device management server. Rather than use access control lists to control access to the functions and services on the device, however, the device uses the certificate that was employed to establish the secure session to control access.05-17-2012
20120222099MULTIFACTOR AUTHENTICATION SERVICE - A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy.08-30-2012
20110119744PSEUDONYMOUS IDENTIFICATION MANAGEMENT APPARATUS, PSEUDONYMOUS IDENTIFICATION MANAGEMENT METHOD, PSEUDONYMOUS IDENTIFICATION MANAGEMENT SYSTEM AND SERVICE ADMISSION METHOD USING SAME SYSTEM - A pseudonymous ID (identification) management apparatus includes a token processing unit for validating an authentication token; a pseudonymous ID generation unit for issuing a pseudonymous ID corresponding to the authentication token; a temporary ID generation unit for issuing a temporary ID for use in an offline subscription; and an ID validation unit for validating a pseudonymous ID received from a web service apparatus along with a pseudonymous ID validation request and transmitting pseudonymous ID validation result to the web service apparatus, and validating a temporary ID received from the web service apparatus along with a pseudonymous ID exchange request and transmitting a pseudonymous ID corresponding to the temporary ID to the web service apparatus. The web service apparatus provides a service to which a user desires to subscribe.05-19-2011
20120317629REVERSE MAPPING METHOD AND APPARATUS FOR FORM FILLING - In the presently preferred embodiment of the invention, every time a user submits a form the client software tries to match the submitted information with the stored profile of that user. If a match is discovered, the program tags the field of the recognized data with a corresponding type. The resulting profile can be used after that to help all subsequent users to fill the same form.12-13-2012
20120131656Secure Information Storage and Delivery System and Method - A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is configured to receive at least one data entry. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device. A synchronization utility determines whether the at least one data entry on the secure vault is transferable to or storable on the mobile vault, and transfers the data entry from the secure vault to a corresponding data entry on the mobile vault if the at least one data entry on the secure vault is determined to be transferable to or storable on the mobile vault.05-24-2012
20120131653SYSTEM, DEVICES AND METHOD FOR SECURE AUTHENTICATION - A system, devices and method for authenticating a user who requests access, through a computing device connected to a network, to an on-line resource hosted by a server in communication with the network. The system, devices and method employ an authentication server and a mobile communications device that communicate over a wireless network. The authentication server forwards an authentication to the mobile communications device and, optionally, also returns security information related to the authentication in response to the request. The mobile communications device receives and processes the authentication and forwards the processed authentication to the computing device over a short-range communications link.05-24-2012
20120131654PROPAGATING SECURITY IDENTITY INFORMATION TO COMPONENTS OF A COMPOSITE APPLICATION - Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined. The composite application may then continue to be executed for the entity.05-24-2012
20120131655User Authentication Device and Method - An authentication device (05-24-2012
20120131652HARDWARE-BASED CREDENTIAL DISTRIBUTION - This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.05-24-2012
20120131657Apparatus and Method for Authenticated Multi-User Personal Information Database - A method of assuring the integrity of personal information in a database containing personal information provided by multiple users uses, in various embodiments, physiological identifiers associated with each of the users. Related systems are also provided. A user may be notified if a merchant verification request to the database has produced a non-match event.05-24-2012
20120216264GENERALIZED CREDENTIAL AND PROTOCOL MANAGEMENT OF INFRASTRUCTURE - A workflow request having a set of device specific operations and credentials is obtained. The workflow request is parsed to locate at least one of the set of device specific operations and credentials. The located device specific operations and credentials are replaced with at least one logical device operation and logical credentials to create a generalized credential and protocol workflow.08-23-2012
20120216263Authentication in Communication Systems - A user of a first packet-based communication network is authorised to access a second packet-based communication network. In at least some embodiments, an authorisation request is received from a user terminal of the user at a first network element of the first packet-based communication network, the authorisation request comprising a first user identity. Responsive to the authorisation request, a request is transmitted to create a second user identity from the first network element to a second network element of the second packet-based communication network. The second network element creates the second user identity for use in the second packet-based communication network, the second user identity being derivable from the first user identity according to a predetermined rule. The second user identity in the second packet-based communication network is stored for use with subsequent communication events over the second packet-based communication network.08-23-2012
20100205660SYSTEM, METHOD AND PROGRAM PRODUCT FOR RECORDING CREATION OF A CANCELABLE BIOMETRIC REFERENCE TEMPLATE IN A BIOMETRIC EVENT JOURNAL RECORD - A system, method and program product for recording the creation of a cancelable biometric reference template in a biometric event journal record. The method includes providing a base biometric reference template having a unique base reference template identifier that uniquely identifies base biometric data collected for an individual, applying a data transform function having a first function key value to the base biometric reference template to create one cancelable biometric reference template and recording the one cancelable biometric reference template in a biometric event journal record. The method further includes creating additional cancelable biometric reference templates using different function key values of the data transform function. The method further includes encrypting the data transform function and the function key value applied to the base biometric reference template. The method further includes signing the cancelable biometric reference template and signing the biometric event journal with a digital signature.08-12-2010
20100071041IDENTIFICATION INFORMATION INTEGRATED MANAGEMENT SYSTEM, IDENTIFICATION INFORMATION INTEGRATED MANAGEMENT SERVER, AND COMPUTER READABLE RECORDING MEDIUM RECORDING IDENTIFICATION INFORMATION INTEGRATED MANAGEMENT PROGRAM THEREON - The present application relates to a technique applied to a system for performing authentication of a user by a one-to-one verification method by using an ID and biometric information of the user. When the user registers the ID and reference biometric information in a service providing system, the information is transmitted from the relevant service providing system to a management server. Then, in the management server, ID management by the reference biometric information is performed, and when the user inputs a wrong ID at the time of verification before the relevant service providing system starts to provide a service, a correct ID of the relevant user is found.03-18-2010
20120137351SECURE LAUNCHING OF BROWSER FROM PRIVILEGED PROCESS - Methods and apparatus include securely launching a web browser from a privileged process of a workstation to minimize enterprise vulnerabilities. The workstation includes a restricted-capability web browser pointed toward a web server. An executable file is wrapped about the browser and imposes restrictions, such as preventing writes to the registry or the installation of ActiveX controls. It also prevents users from linking to web locations over any protocol other than https, or from following links beyond the original host. Upon indication of a forgotten password/credential, the restricted-capability web browser is launched toward the web server. Upon authentication of identity, the user changes their password/credential for later logging on to the workstation, in a capacity without the limited functionality or the imposed browser restrictions.05-31-2012
20120137350SECURITY SYSTEM AND METHOD USING AUTOMATIC METER READING PROTOCOL - The present invention relates to a security system using an automatic meter reading protocol. The security system includes a Device Language Message Specification (DLMS) transmission unit for transmitting security DLMS data that includes security key update information and a first authentication value, and a DLMS reception unit for receiving the security DLMS data, searching the security key update information in the security DLMS data, and generating an updated security key using a second authentication value according to the security key update information. The security system can solve various problems occurring due to the operation of a separate security protocol, and can be easily implemented and managed.05-31-2012
20110185407Authentication System - The invention relates to an authentication system for a user possessing a means (07-28-2011
20110185406Systems and Methods to Authenticate Users - Systems and methods are provided to facilitate online transactions via mobile communications. In one aspect, a system includes a data storage facility to store account information with a phone number of the user and an interchange coupled with the data storage facility. The interchange includes a common format processor and a plurality of converters to interface with a plurality of different controllers of mobile communications. The converters are configured to communicate with the controllers in different formats; and the converters are configured to communicate with the common format processor in a common format to facilitate authentication of the user to sign in to the account.07-28-2011
20110185405METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT - To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.07-28-2011
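The abstract above binds a one-time password to the transaction content and to a secret the user does not hold, so the network site can recompute it independently. The following is an added example, not code from the patent: it uses HMAC-SHA256 over a canonical serialisation of the transaction with RFC 4226 style truncation to eight digits. The shared secret, the transaction fields and the function names are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Constructed example secret shared by the security server and the network
# site only; the user never holds it.
SHARED_SECRET = b"constructed-site-security-server-secret"


def canonical_transaction(txn: dict) -> bytes:
    """Serialise the transaction deterministically so both parties MAC
    byte-identical input (key order and whitespace must not vary)."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode("utf-8")


def transaction_otp(txn: dict, secret: bytes, digits: int = 8) -> str:
    """One-time password bound to this transaction: HMAC-SHA256 over the
    canonical transaction, truncated to `digits` decimal digits (dynamic
    truncation as in RFC 4226). Any holder of `secret` can recompute it."""
    mac = hmac.new(secret, canonical_transaction(txn), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F          # 0..15, so mac[offset:offset + 4] stays in range
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def security_server_sign(txn: dict) -> str:
    """Security server side: derive the OTP that is applied as the user's
    signature on the transaction."""
    return transaction_otp(txn, SHARED_SECRET)


def network_site_verify(txn: dict, presented_otp: str) -> bool:
    """Network site side: recompute from the shared secret and compare in
    constant time. Any change to the transaction changes the expected OTP."""
    expected = transaction_otp(txn, SHARED_SECRET)
    return hmac.compare_digest(expected, presented_otp)


if __name__ == "__main__":
    # Constructed sample transaction.
    txn = {"user": "alice", "payee": "ACME Ltd", "amount": "100.00",
           "currency": "EUR", "nonce": "7f3a"}
    otp = security_server_sign(txn)
    print("signature OTP:", otp)
    print("site accepts original:", network_site_verify(txn, otp))
    tampered = dict(txn, amount="1000.00")
    print("site accepts tampered:", network_site_verify(tampered, otp))
```

The nonce field matters: without it two identical transactions would carry the same signature, and a captured OTP could be replayed against a repeat of the same order.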
20110185404STAGED USER DELETION - A method, system, and computer program product for staged user identifier deletion are provided. The method includes checking a status of a user identifier in response to a triggering event. In response to determining that the status of the user identifier indicates a marked for deletion status, a notification action is performed. The method also includes monitoring a time value to determine whether a time for deletion associated with the user identifier with the marked for deletion status has been reached, and automatically deleting the user identifier with the marked for deletion status in response to determining that the time for deletion has been reached.07-28-2011
20110185403METHOD AND APPARATUS FOR CONTROLLING ACCESS TO A NETWORK RESOURCE - According to one aspect, there is provided a method of controlling access to a network resource. The method comprises receiving a request to grant a user access to the network resource, the request including a user identifier, and determining whether the received user identifier is stored in a local user data store associated with the resource. Where it is not, the method determines, from user details stored in a master user data store, whether the user is authorized to access the resource and, where the user is so authorized, obtains a password and stores the obtained password and user details in the local data store associated with the network resource.07-28-2011
20120174201System and Method for Managing Feature Enablement in an Information Handling System - A system to manage a key license includes an information handling system having non-volatile memory accessible to a processor. The non-volatile memory stores feature enablement information related to a feature that the information handling system is adapted to provide. The non-volatile memory stores instructions that are accessible to the processor and executable by the processor to send the feature enablement information to an external system after the information handling system is deployed, and to request the feature enablement information, or other feature enablement information, from the external system in response to receiving a request for the information handling system to provide the feature.07-05-2012
20120174202METHODS AND SYSTEMS FOR PROVIDING DATA OBJECTS ON A TOKEN - A computer system, method and/or computer-readable medium provide independent data objects to a token in compressed form. The independent data objects are representative of security information associated with the token. The system includes an interface operable to communicate with a token, and a processor cooperatively operable with the interface. The processor is configured to determine a set of independent data objects that are associated with the token, and to aggregate the set of independent data objects associated with the token into a group. Also, the processor is configured for compressing the group into a unit of contiguous data, and writing the unit of contiguous data to the token via the interface.07-05-2012
20100175117SYSTEM AND METHOD FOR PERSONAL IDENTIFICATION NUMBER MESSAGING - A relay site associated with a wireless network can send messages between mobile devices associated with the wireless network without having to transmit the messages to a host system. The messages include PIN messages and each of the mobile devices has a PIN address. The relay site includes a relay server for controlling the operation of the relay site, and sending the PIN messages between the mobile devices. The relay site also includes a relay data store having PIN information for users associated with the mobile devices. The relay server can access the relay data store to allow users that use the mobile devices to query the relay data store for PIN information of other users.07-08-2010
20100175116LOCATION-BASED SYSTEM PERMISSIONS AND ADJUSTMENTS AT AN ELECTRONIC DEVICE - Securing access to a portable electronic device (PED), securing e-commerce transactions at an electronic device (ED) and dynamically adjusting system settings at a PED are disclosed. In an example, usage or mobility characteristics of the PED or ED (e.g., a location of the ED or PED, etc.) are compared with current parameters of the PED or ED. A determination as to whether to permit an operation (e.g., access, e-commerce transaction, etc.) at the ED or PED can be based at least in part upon a degree to which the current parameters conform with the usage or mobility characteristics. In another example, at least a current location of a PED can be used to determine which system settings to load at the PED.07-08-2010
20100175115MANAGEMENT OF CREDENTIALS USED BY SOFTWARE APPLICATIONS - An identity management (“IdM”) system can change the credentials at certain intervals. If credentials change, there is no way for an application that uses the credentials to know that the credentials have changed because the application dependency relationships are unknown. When service account credentials change, credentials are typically manually updated for each dependent application. Some embodiments of the inventive subject matter allow IdM systems to track application dependencies for service accounts. The IdM systems can detect when service account credentials change and automatically notify dependent applications of the new service account credentials.07-08-2010
20120174198Shared Registration Multi-Factor Authentication Tokens - A system and method for more efficiently establishing a chain of trust from a registrant to a registry. A registrant credential is associated with a Shared Registration command and is sent by a registrar to a registry. Upon successful validation, a token is generated and bound to a registrant identifier. The token is included along with the registrant identifier in subsequent discrete Shared Registration commands submitted to the registry on behalf of the registrant. The registrant thus needs to submit its credential only once for changes that require several discrete commands. Also, it is more efficient for the Shared Registration System to validate a token for a set of commands than to validate a different registrant credential for each discrete command.07-05-2012
20100287604IDENTIFICATION OF INTEGRATED CIRCUITS - Techniques are generally described for generating an identification number for an integrated circuit (IC). In some examples, methods for generating an identification of an IC may comprise selecting circuit elements of the IC, evaluating measurements of an attribute of the IC for the selected circuit elements, wherein individual measurements are associated with corresponding input vectors previously applied to the IC, solving a plurality of equations formulated based at least in part on the measurements taken of the attribute of the IC for the selected circuit elements to determine scaling factors for the selected circuit elements, and transforming the determined scaling factors for the selected circuit elements to generate an identification number of the IC. Additional variants and embodiments may also be disclosed.11-11-2010
20120174199PAIRING OF BASE AND DETACHABLE DEVICE - An apparatus and method for pairing a base and a detachable device. A query module queries a detachable device in response to the detachable device connecting to a base. The detachable device provides a display for the base if the detachable device and base are connected. A determination module determines if the detachable device is paired with the base. A credential module obtains a pairing credential for a pairing in response to the determination module determining that the detachable device is unpaired with the base.07-05-2012
20100299734METHOD AND APPARATUS TO AUTHENTICATE AND AUTHORIZE USER ACCESS TO A SYSTEM - A method, apparatus, and system are provided for authenticating a user. According to one embodiment, a request for authentication of a user is received via a secondary site, the request for authentication of the user including user information corresponding to the user. The user information is verified and, based on the verifying, a token associated with the user is generated, the token to be used to enable the secondary site to perform a task on the primary site on behalf of the user. The token is then transmitted to the secondary site.11-25-2010
20100299732TIME WINDOW BASED CANARY SOLUTIONS FOR BROWSER SECURITY - Tools and techniques related to time window based canary solutions for browser security are provided. These tools may receive requests to generate canary values in connection with providing content maintained on server systems, and compute canary values in response to these requests. These canary values may be based on identity information associated with different users, site-specific values associated with websites accessed by these users, and representations of time windows associated with the requests.11-25-2010
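The canary described above is a keyed value over user identity, a site-specific value and a time window, so it expires on its own without server-side storage. The following is an added example rather than the patent's implementation: it uses HMAC-SHA256, a one-hour window and a one-window grace period so a form loaded just before a boundary still verifies. The key, the window length and the names of the functions are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed server-side key; in practice it lives only on the server system.
CANARY_KEY = b"constructed-server-canary-key"
WINDOW_SECONDS = 3600  # assumed window length: one hour


def window_index(now: float, window: int = WINDOW_SECONDS) -> int:
    """Map a timestamp to the index of the time window it falls in."""
    return int(now // window)


def canary_for_window(user_id: str, site_value: str, window: int,
                      key: bytes = CANARY_KEY) -> str:
    """HMAC over identity, site-specific value and window index. NUL separators
    keep the three fields unambiguous when concatenated."""
    msg = b"\x00".join([user_id.encode(), site_value.encode(), str(window).encode()])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_canary(user_id: str, site_value: str, now: Optional[float] = None) -> str:
    """Server mints a canary for the current window to embed in the page or form."""
    now = time.time() if now is None else now
    return canary_for_window(user_id, site_value, window_index(now))


def verify_canary(token: str, user_id: str, site_value: str,
                  now: Optional[float] = None, grace_windows: int = 1) -> bool:
    """Server checks a returned canary: accept the current window and up to
    `grace_windows` earlier ones; anything older, or minted for another user
    or site, is rejected. Comparison is constant time."""
    now = time.time() if now is None else now
    current = window_index(now)
    for w in range(current, current - grace_windows - 1, -1):
        if hmac.compare_digest(canary_for_window(user_id, site_value, w), token):
            return True
    return False


if __name__ == "__main__":
    t0 = 277 * WINDOW_SECONDS                     # constructed instant at a window start
    tok = make_canary("alice", "bank.example", t0)
    print("same window:   ", verify_canary(tok, "alice", "bank.example", t0 + 1800))
    print("next window:   ", verify_canary(tok, "alice", "bank.example", t0 + 3600))
    print("two windows on:", verify_canary(tok, "alice", "bank.example", t0 + 7200))
    print("other user:    ", verify_canary(tok, "bob", "bank.example", t0 + 60))
```

The site-specific value is what stops a canary minted for one site from being accepted by another; the window index is what bounds how long a leaked canary stays usable.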
20100299731Electronic System for Securing Electronic Services - A method of accessing an internet based service, involves using a cellular telephony device to obtain a token from the provider of the internet based service, and within the cellular telephony device, using the token to calculate a time-limited password. The time-limited password is used in combination with at least one further user identification parameter to obtain access to the internet based service.11-25-2010
20110191836Apparatus For Real-Time Management Of The Performance Of Security Components Of A Network System - An apparatus for real-time management of a plurality of security components (SCs) connected to a network. The apparatus comprises a network interface for communication with the plurality of SCs connected to the network; a permanent storage unit for storing at least logon information to each of the plurality of SCs; a security component management unit (SCMU) having a plurality of integration point components (IPCs) enabled to identify the plurality of SCs connected to the network; a temporal storage unit for storing at least data collected from the plurality of SCs in the form of information units, each of the information units has a predefined limited lifetime after which such information unit is voided, thereby rendering the apparatus stateless; and a processing unit for carrying out at least one process designated to perform a specific generic task irrespective of a physical manifestation of each of the plurality of SCs.08-04-2011
20130174236SERVER AND METHOD FOR PASSWORD RECOVERY - An exemplary password recovery method is applied on a server. The server is connected to one user terminal. The server stores email addresses and email boxes associated with the corresponding email address. Each email box includes emails sent to each corresponding email address. Each email may be a registration email that includes a website and a username. The method receives a password recovery request for a submitted email address of a user, and determines whether there is a registration email in the email box. If yes, the method obtains the website and the username. The method then controls the user terminal to display the prompt information corresponding to the obtained website. Further, the method receives the input username, and determines whether the input username matches the obtained username. If yes, the method generates a new email password, and controls the user terminal to display the new email password.07-04-2013
20130174235Dynamically Updating Current Communication Information - A method, system and computer readable media for dynamically updating current communication information, for enabling access to current communication based upon biometric information and/or for allowing communication information to be associated with biometric information and then allowing this communication information to be provided to desired recipients.07-04-2013
20100050243METHOD AND SYSTEM FOR TRUSTED CLIENT BOOTSTRAPPING - Bootstrapping a trusted cryptographic certificate or other credentials into a client web browser application can be used to provide protection against “phishing” and “man-in-the-middle” attacks made over a computer network. Verification credentials are provided to users who connect directly to an authentication server and provide sufficient authentication information. The authentication server can rely upon the use of private URLs associated with each user as part of the verification process and can reject users who connect by clicking on a hyperlink directed to the authentication server.02-25-2010
20100050242GRAPHICAL PASSWORD AUTHENTICATION BASED ON PIXEL DIFFERENCES - A password, unknown to a user to be authenticated by the password, is created by comparing an image provided by the user to a master image. Random differences between the images are found and used to create the password. The password is then validated to determine whether the user is authorized and/or to determine whether a communication provided by the user is to be processed.02-25-2010
20090055908Apparatus and method for accessing user cookies between network domains - Multiple network domains may be grouped together. One network domain may represent a primary domain, while one or more additional network domains may represent secondary domains. User cookies associated with users may be stored in the primary domain. When a user attempts to access the primary domain, the primary domain may retrieve and use the user cookie to log the user into the primary domain. When a user attempts to access a secondary domain, the secondary domain sends a request to the primary domain. The primary domain sends the user cookie or related information (such as a token) to the secondary domain, which uses the user cookie or related information to log the user into the secondary domain. In addition, an active session between the user and one of the network domains can be transferred to another network domain.02-26-2009
20090055907Authentification Broker for the Securities Industry - Identity-independent authentication tokens enable issuance of a single strong credential that can be mapped to an individual at each of multiple accounts within the online world. An issuer generates one or more authentication tokens for issuance to individuals or other entities. In some instances, each of these authentication tokens comprises a unique serial number. The individual or other entity may then request an authentication token from the issuer. The issuer may then issue the token to the individual without the need to ask or require the individual to identify himself or herself. The individual may then map this issued authentication token to the individual's password at each of the individual's online accounts.02-26-2009
20130174234LIGHT-WEIGHT CREDENTIAL SYNCHRONIZATION - Aspects of the subject matter described herein relate to credential synchronization. In aspects, an entity may have access to resources on two or more systems. After the entity's credentials are changed on a first system, the first system updates the credentials on a second system so that the entity can access resources on the second system using the new credentials. The first system maintains a mapping data structure that maps between the credentials data of the two systems. The first system may obtain credential requirements from the second system and provide these requirements in conjunction with receiving a request to change credentials so that a user changing the credentials may satisfy both systems.07-04-2013
20120185924RECORD CREATION FOR RESOLUTION OF APPLICATION IDENTIFIER TO CONNECTIVITY IDENTIFIER - A method of creating a DNS record in a DNS is provided. The method includes receiving one of an allocation record or information for obtaining the allocation record from a wireless device. The allocation record includes an expression. In addition, the method includes creating a DNS record for the expression. Furthermore, the method includes associating the DNS record with a credential.07-19-2012
20120084846IMAGE-BASED KEY EXCHANGE - This disclosure is directed for improved techniques for configuring a device to generate a secondary password based at least in part on a secure authentication key. The techniques of this disclosure may, in some examples, provide for capturing, by a computing device, an image of a display of another computing device. The captured image includes at least one encoded graphical image, such as a barcode, that includes an indication of the content of a secure authentication key. The computing device may use the secure authentication key to generate a secondary password to be used in conjunction with a primary password to gain access to a password-protected web service.04-05-2012
20120084845FIXED CLIENT IDENTIFICATION SYSTEM FOR POSITIVE IDENTIFICATION OF CLIENT TO SERVER - A tamperproof ClientID system to uniquely identify a client machine is invoked upon connection of a client application to a backend. Upon initial connection, the backend issues a unique ClientID containing a checksum. The client application prepares at least two different scrambled versions of the ClientID and stores them in respective predetermined locations on the client machine. Upon subsequent connection to the backend, the client application retrieves and unscrambles the values at the two locations, verifies the checksums and compares the values. If the checksums are both correct and the values match, the ClientID value is sent to the backend, otherwise the client application sends an error code.04-05-2012
20120084844FEDERATION CREDENTIAL RESET - Techniques for federated credential reset are presented. A principal requests a credential reset with a first service. The first service provides a link to a third party service previously selected by the principal. The principal separately authenticates to the third party service and causes the third party service to send a federated token to the first service. When the federated token is received by the first service, the first service permits the principal to reset an original credential to a new credential for purposes of accessing the first service.04-05-2012
20120266221METHOD FOR SECURE COMMUNICATION BETWEEN DEVICES - A method for communicating between a first device and a second device, includes the steps of the first and second device communicating by exchanging messages that are based on signals that are transmitted through a first communication channel and/or through a second communication channel, wherein the first and second communication channel have different signal propagation velocities; at least one of the first and second device computing the distance to the other device based on communication signal delays caused by the signal propagation velocities; wherein the method includes the further steps of controlling access of the second device to the first device depending on the computed distance.10-18-2012
20120233675AUTHENTICATION WITH MASSIVELY PRE-GENERATED ONE-TIME PASSWORDS - Embodiments of the invention provide systems and methods for the storage of One-Time Passwords (OTPs) on a device (principal) that needs to authenticate from time to time. It utilizes the recent availability of data storage capacity not previously exploited in this arena. Also disclosed are the means to initialize and modify the system (all principals) in a secure manner, and the means to store the OTP-generating material on a device in a secure manner, even if the device has no built-in protected storage.09-13-2012
20120260324METHOD AND A SYSTEM FOR VALIDATING IDENTIFIERS - A method of validating an identifier is disclosed. In one embodiment an authenticating party system receives an identifier for validation and determines a first validation code associated with a current value of a counter. The first validation code is compared with the received identifier and, in the event that the identifier does not match the first validation code, the authenticating party system compares the identifier with one or more further validation codes associated with respective other values for the counter, said respective other values comprising N consecutive counter values succeeding the current value of the counter. If the identifier matches one of the further validation codes associated with a respective other value for the counter, the current value of the counter is updated to correspond with the respective other value for the counter associated with the matching further validation code.10-11-2012
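The validation loop above is the look-ahead resynchronisation used with counter-based one-time passwords: the current counter is tried first, then the N values that follow it, and on a match the server-side counter moves to the matched position. The following is an added example and not the patent's code. It uses RFC 4226 HOTP as the validation-code function (an assumption; the abstract does not name one) and advances the counter to one past the matched value so the accepted identifier cannot be replayed.

```python
import hashlib
import hmac


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically
    truncated to `digits` decimal digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class AuthenticatingParty:
    """Validator holding the server-side counter and a look-ahead window of N
    succeeding counter values."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead

    def validate(self, identifier: str) -> bool:
        # Current counter first, then the N values succeeding it.
        for candidate in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, candidate), identifier):
                # Resynchronise past the matched value (design choice: the same
                # identifier is not accepted twice).
                self.counter = candidate + 1
                return True
        # No match inside the window: either a wrong code or a token that has
        # drifted more than N presses ahead and needs out-of-band resync.
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"           # RFC 4226 test-vector secret
    ap = AuthenticatingParty(secret, look_ahead=3)
    print(ap.validate(hotp(secret, 0)), ap.counter)   # in sync
    print(ap.validate(hotp(secret, 3)), ap.counter)   # two presses lost, resynced
    print(ap.validate(hotp(secret, 3)), ap.counter)   # replay rejected
    print(ap.validate(hotp(secret, 9)), ap.counter)   # beyond the window
```

The window size N is the trade-off: larger N tolerates more unseen token presses, but also multiplies the number of codes an attacker can guess against by N+1, so the validator should still rate-limit failures.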
20120260323SYSTEMS AND METHODS FOR PROCESSING AND TRANSMITTING SENSOR DATA - Systems and methods for continuous measurement of an analyte in a host are provided. The system generally includes a continuous analyte sensor configured to continuously measure a concentration of analyte in a host and a sensor electronics module physically connected to the continuous analyte sensor during sensor use, wherein the sensor electronics module is further configured to directly wirelessly communicate sensor information to one or more display devices. Establishment of communication between devices can involve using a unique identifier associated with the sensor electronics module to authenticate communication. Times tracked at the sensor electronics module and the display module can be at different resolutions, and the different resolutions can be translated to facilitate communication. In addition, the frequency of establishing communication channels between the sensor electronics module and the display devices can vary depending upon whether reference calibration information is being updated.10-11-2012
20120260325Secure and Usable Protection of a Roamable Credentials Store - A tool facilitates a balancing of security with usability enabling secure user access to multiple secure sites and locations from several computing devices. Access to the multiple secure sites and locations occur by utilizing a roamable credential store (RCS), which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately.10-11-2012
20120260322FLEXIBLE AUTHENTICATION FOR ONLINE SERVICES WITH UNRELIABLE IDENTITY PROVIDERS - A flexible authentication system is described herein that fluidly switches between a federated authentication model and a local short-lived token model that does not require sophisticated authentication infrastructure at the relying party site. Upon detecting an event that causes the identity provider to be unavailable for authentication, the relying party switches to a temporary token model. The system generates a bearer token or challenge associated with the user's identity and (optionally) associated with time data that limits the period during which the token is valid. The relying party communicates the short-lived token to the user using contact information associated with the user and already stored by the relying party. Upon receiving the short-lived token, the user provides the short-lived token to the relying party, and the relying party processes the token to validate the user's identity and then allows the user to access the relying party's online services.10-11-2012
20120233674SECURITY FOR REMOTE ACCESS VPN - Techniques are disclosed for improving security in a virtual private network. In one embodiment, key information is generated for a virtual private network (VPN) connection between a first device and a second device. A plurality of shares is then generated based on the key information. A first set of one or more shares is stored on a dongle that is paired to the first device. A second set of one or more shares is stored on the first device. In response to a request to resume the VPN connection, the first set of shares is retrieved from the dongle. The key information is reconstructed based on the first set of shares and the second set of shares. The reconstructed key information may then be used to resume the VPN connection.09-13-2012
20080209529TRANSACTION INTEGRITY AND AUTHENTICITY CHECK PROCESS - The present invention refers to a process of transaction authenticity and integrity check that allows the user to verify the authenticity of an internet bank site. Said process does not require the use of special devices by the users, thus avoiding extra implementation costs and making its adoption easy.08-28-2008
20120266219METHOD AND SYSTEM FOR DYNAMIC IDENTITY VALIDATION - An approach is provided for electronic delivery of documents to a digital postal address. A user identifier is correlated with collected information. The user identifier is dynamically validated based on the correlation for delivery of postal mail in electronic form.10-18-2012
20130019289ONLINE SIGNATURE IDENTITY AND VERIFICATION IN COMMUNITY - Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. Electronic identity cards managed by the ESS may also be shared or included in other contexts, such as via a user's profile page on a social network, a user's email signature, or the like.01-17-2013
20100325705Systems and Methods for A2A and A2DB Security Using Program Authentication Factors - In various embodiments, security may be provided for application to application (A2A) and application to database (A2DB) implementations. In some embodiments, a method comprises receiving a registration request at a first digital device for a first application, receiving a first program factor associated with the first application, confirming the first program factor, generating a first password for a second application based, at least, on the confirmation of the first program factor, and providing the first password to a second digital.12-23-2010
20080301789METHOD AND SYSTEM FOR REAL WORLD VERIFICATION OF A PERSON AND/OR BUSINESS IDENTITY AT A CENTRAL LOCATION FOR REAL AND VIRTUAL WORLD - The method and system of the present invention provide a central location, such as the United States Postal Service® (USPS), with a product that will advance it into the world of internet business and will in turn offer the opportunity for new sources of revenue. The method and system of the present invention have the facilities to verify a person's and/or business's identity. The verification process can be done in the same manner as money orders, check cashing and real P.O. boxes, which are currently limited to availability in the post office. If the user is verified at the central location, the user's e-mail address, domains, ISP, WSP, and Web Sites can be globally registered at one or more e-mail servers or service providers that participate with the verification. The e-mail server or service providers can attach a symbol of the identity verification on all e-mail sent by the e-mail server or service provider from the verified customer.12-04-2008
20080301790FAST RE-AUTHENTICATION WITH DYNAMIC CREDENTIALS - A proxy server that is inserted between a plurality of network access servers, typically access points, and an authentication server. When an original authentication request is received by a network access server, the network access server forwards the request to the proxy server, which forwards the request to an authentication server. The authentication server then sends the session information to the proxy server, which stores the keying material as dynamic credentials. When the client re-authenticates with one of the plurality of access servers, the re-authentication request is handled by the proxy server using the dynamic credentials. The proxy server may re-authenticate the client using a different method than the method that was originally used. For example, the original authentication may be by Extensible Authentication Protocol—Transport Layer Security (EAP-TLS) and subsequent re-authentications may use Wi-Fi Protected Access (WPA).12-04-2008
20080301788IDENTITY ASSERTION - The present invention relates to using authorization information provided by an asserting agent to control identity-related interactions between a receiving agent and an identity agent, which acts on behalf of the asserting agent. The authorization information may be provided to the identity agent directly or through the receiving agent. When the asserting agent is asserting the identity of an associated entity to the receiving agent, the asserting agent delivers assertion information, which may but need not include the authorization information, to the receiving agent. The assertion information includes claim information that includes actual claims or identifies available claims. Upon receiving the assertion information, the receiving agent may interact with the identity agent. The identity agent will use the authorization information to control claim-related interactions with the receiving agent.12-04-2008
20120240206Configuration of a Data Collection Agent and Its Distribution System - A wireless device user controls participation in a study panel. The device contains a data collection agent installed by the user, the manufacturer, or a distributor. The user enlists in a study panel. The essential steps include: a user obtains a panel identification identity and provides it to a data collection agent; the data collection agent receives the panel identification identity and uses it to initiate the transfer of a data collection profile. Upon receiving the data collection profile, the data collection agent on the wireless device is configured to participate in a specific study. The agent is controlled by the profile to record metrics and user selections, transform the data into a package, and transmit the package to a destination package reception server determined in the profile.09-20-2012
20120324552System and Method for Securing Embedded Media - Set forth herein are systems, methods, and non-transitory computer-readable storage media for processing media requests in a secure way. A server configured to practice the method receives, from a media player client, a request for media content. The server requests a playback token from a playback service associated with the media content and generates a tag containing the playback token. Then the server transmits to the media player client a response to the request for media content based on the tag, wherein the media player client retrieves the media content by presenting the playback token to the playback service. The media player client can be an embedded media player or other player in a web browser. The server and the playback service can operate based on a common, pre-shared feed token. Other playback client and playback service embodiments exist.12-20-2012
20120324555LUHN VALIDATION AND DATA SECURITY ACROSS MULTIPLE ACTIVE DOMAINS - Systems and methods for maintaining data security using Luhn validation in a multiple domain computing environment are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The token generation algorithm includes a Luhn validation routine for producing a tokenized data string that either passes or fails Luhn. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found.12-20-2012
20120324554AUTOMATIC DEVICE PAIRING - One embodiment relates to a security apparatus. The apparatus includes a security controller. The security controller is within a secure domain. The controller is configured to receive a trigger event from a first device outside the secure domain and a second trigger event. The controller is configured to automatically generate a secure password from a provisional password using a secure password provisioning protocol in response to the first trigger event and the second trigger event. The controller is also configured to pair the first device with the secure domain by establishing secure communications using the secure password.12-20-2012
20120324553METHOD FOR THE DISCOVERY AND SECURE ACCESS TO MOBILE DEVICES IN PROXIMITY BY MEANS OF THE USE OF A VISUAL CHANNEL - Disclosed is a method for the secure access of a mobile device to a nearby client device that includes the following:12-20-2012
20120272303METHOD AND DEVICE FOR ENHANCING SECURITY OF USER SECURITY MODEL - The disclosure discloses a method and system for enhancing the security of a user security model. In the solution of the disclosure, after a Simple Network Management Protocol (SNMP) server acquires a multi-byte original password of a user, it detects whether the original password is composed of a specific byte string repeated multiple times; if so, the user is prompted to reconfigure the password. In accordance with the solution provided by the disclosure, the disclosure greatly enhances the security of version V3 on the SNMP server side, solves the problem that a vulnerability exists in the security defined in version V3 in the prior art, and avoids the security risk caused by the fact that illegal users can use a password different from the password of the authorized user to log on to the SNMP server.10-25-2012
20120272301CONTROLLED USER ACCOUNT ACCESS WITH AUTOMATICALLY REVOCABLE TEMPORARY PASSWORD - Systems and computer-implemented methods are disclosed for providing controlled access to a normally single-user account. In an example system, a primary user is provided with a primary password to the user account. A secondary user may be temporarily authorized by generating a temporary password selected independently of the primary password. The user account may be accessed by entering either the primary password or the temporary password. The temporary password is automatically revoked in response to granting access with the primary password. The secondary user is thereby provided with temporary access to the user account that is revocable by the primary user at any time without having to share the primary password with the secondary user and without having to change the primary password.10-25-2012
20120272305CREATING TESTS TO IDENTIFY FRAUDULENT USERS - Member profile information for a control set of one or more control members and for a fraudulent set of one or more fraudulent members are obtained. Each member in the control set is at least believed to be legitimate and each member in the fraudulent set is at least suspected of being fraudulent. A test associated with identifying fraudulent members is generated using the member profile information for the control set and for the fraudulent set; the test inputs one or more pieces of member profile information for a member being tested.10-25-2012
20120272302Human User Verification - Techniques for generating a human user test for online applications or services may include splitting the visual objects in an image into multiple partial images, and forming one or more alignment positions. At each of the alignment positions, some of the visual objects appear recognizable while some bogus visual objects also appear to prevent robots from recognizing the alignment positions. A user is requested to find the multiple alignment positions to return recognizable visual objects. A system determines that the user is a human user if the recognizable visual objects input by the user match the visual objects in the image.10-25-2012
20110239283SECURITY TOKEN DESTINED FOR MULTIPLE OR GROUP OF SERVICE PROVIDERS - An authentication server generates a security token to be used by a client for accessing multiple service providers by obtaining a secret key for each specified service provider, generating a saltbase, generating a salt for each service provider using the saltbase, the secret key, and a hashing algorithm, generating a session key that includes the salt, assigning an order to each of the generated salts and arranging the salts based on the orders, generating a presalt for each provider using the salt for each previous provider, generating a postsalt for each of the specified service providers using the salt for each following provider, generating a blob for each of the specified service providers using the saltbase, the respective presalt, and the respective postsalt, inserting the generated blobs for the specified service providers in the security token, and providing the generated security token to the client workstation.09-29-2011
20110265160PASSWORD MANAGEMENT SYSTEMS AND METHODS - Password management systems include a plurality of child nodes and a mother node. Each child node includes a secure resource, a target account, and a password management service. The target account can be password-protected, and the secure resource can be accessible through the target account. The password management service can periodically update a password of the target account by requesting a new password from the mother node. In response to such requests, the mother node can generate new passwords and forward the new passwords to the appropriate child nodes. The mother node can store the new passwords in a database of current passwords. When an authorized user of the mother node requests a current password for a target account of a child node, the mother node can provide the requested current password to the authorized user. Other aspects, features, and embodiments are also claimed and described.10-27-2011
20110277021AUTHENTICATION SYSTEM - An authentication system by which character strings in squares are selected by a rule determined by a user out of a table in which character strings are assigned to obtain a one-time password. The user memorizes a rule of successively selecting three out of the positions of the squares in a table having five rows and five columns, for example. To each square (11-10-2011
20120331535METHODS AND SYSTEMS FOR COMPLETING, BY A SINGLE-SIGN ON COMPONENT, AN AUTHENTICATION PROCESS IN A FEDERATED ENVIRONMENT TO A RESOURCE NOT SUPPORTING FEDERATION - A system for distributed authentication includes a client machine, in a first domain in a federation, that receives from a user a first set of authentication credentials. The system also includes an intermediate machine in a second domain in the federation, a server, also in the second domain, a password management program executing on the server and a non-federated resource. The intermediate machine authenticates the user responsive to receiving the first set of authentication credentials and identifies a second set of authentication credentials. The server in the second domain authenticates the user, responsive to the second set of authentication credentials. The password management program, executing on the server, retrieves a third set of authentication credentials associated with the user. The non-federated resource authenticates the user, responsive to receiving, from the password management program, the third set of authentication credentials.12-27-2012
20120331534Systems and Methods for Managing Secure Communication Sessions with Remote Devices - According to various embodiments, a session manager generates, stores, and periodically updates the login credentials for each of a plurality of connected IEDs. An operator, possibly via an access device, may provide unique login credentials to the session manager. The session manager may determine the authorization level of the operator based on the operator's login credentials, defining with which IEDs the operator may communicate. According to various embodiments, the session manager does not facilitate a communication session between the operator and a target IED. Rather, the session manager maintains a first communication session with the operator and initiates a second communication session with the target IED. Accordingly, the session manager may forward commands transmitted by the operator to the target IED. Based on the authorization level of the operator, a session filter may restrict what may be communicated between an operator and an IED.12-27-2012
20100229228METHOD AND APPARATUS FOR ASSOCIATING TICKETS IN A TICKET HIERARCHY - A method and apparatus for associating session tickets includes a ticketing authority server. The ticketing authority server receives a ticket generation request and information about a client node. It identifies a master session ticket associated in a storage element with the client node. The ticketing authority server then generates a derivative session ticket for the client node and associates the derivative session ticket with the master session ticket. Finally, the ticketing authority server stores information about the client node and the derivative session ticket in the storage element.09-09-2010
20100229227Online authentication system - A hardware device connected to a network access point to authenticate itself to a server is disclosed. The device stores authentication software, and applicative data. The device is used to generate a one-time password to uniquely identify itself to a server.09-09-2010
20100229226Function-Based Authorization to Access Electronic Devices - Systems and methods to secure authorized access are disclosed. A method includes receiving, at an electronic device, a request to generate function-authorization settings including function-access data associated with a particular function of the electronic device to be protected. The method also includes prompting for and receiving function-access data. The received function-access data includes first function-access data that specifies access credentials of a first user to access the particular function and second function-access data that specifies access credentials of a second user to access the particular function. The method also includes associating the received function-access data with the particular function and storing the function-authorization settings including the received function-access data at a memory of the electronic device.09-09-2010
20110307945Slave Device for a Bluetooth System and Related Authentication Method - An active slave device for a Bluetooth system comprises a non-volatile memory unit for storing a plurality of link keys corresponding to a master device capable of switching among a plurality of operating modes, wherein the plurality of link keys correspond to the plurality of operating modes and are generated by a key pairing performed between the active slave device and the master device; and a key fishing unit for searching whether any of the plurality of link keys conforms to a qualified link key that can enable the active slave device under the current operating mode of the master device.12-15-2011
20120102555System and Method of Enabling Access to Remote Information Handling Systems - A system and method of enabling access to remote information handling systems is disclosed. In one form, a method of enabling an initialization of an information handling system is disclosed. The method can include receiving a request to initialize a remote information handling system, and determining access information operable to enable an initialization sequence of the remote information handling system. The access information can be configured to enable an initialization of the remote information handling system. The method can also include communicating the access information via a network to the remote information handling system.04-26-2012
20120102553Mixed-Mode Authentication - Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources.04-26-2012
20100199336TRANSFORMING STATIC PASSWORD SYSTEMS TO BECOME 2-FACTOR AUTHENTICATION - The present invention provides systems and processes for transforming any system that implements a static password authentication or 108-05-2010
20100199335COMMUNICATION SYSTEM-DECENTRALIZED TERMINAL ACCOMODATING SWITCHING DEVICE AND COMMUNICATION SYSTEM-DECENTRALIZED TERMINAL CONTROL METHOD - Provided is a communication system-decentralized terminal control method that can prevent terminals from having the same communication system. The communication system-decentralized terminal control method includes a writing step of writing, when there is a connection request from a given terminal, user identification information of the terminal, a password corresponding to the identification information, identification information of a communication system that the terminal is equipped with, and an IP address and port number that the terminal uses for the communication system in a storage so that the user identification information, the password, the identification information of the communication system, the IP address and the port number are associated with one another; and a logoff step of logging off, when the same user identification information, password, and identification information of communication system as the above are already so written in the storage as to be associated with one another, the other terminal that has the IP address and port number that are already so written in the storage unit as to be associated with the user identification information, the password, and the identification information of communication system.08-05-2010
20100199337SYSTEM AND METHOD FOR ESTABLISHING AND AUTHORIZING A SECURITY CODE - A system and method for controlling access to a resource is provided. A user provides input to the system. Based on the user inputs, a security code may be automatically assembled by extracting stored data. If the assembled security code matches a required value, access may be granted. Otherwise, the user may be denied access to the resource.08-05-2010
20130014236METHOD FOR MANAGING IDENTITIES ACROSS MULTIPLE SITES - A method, data processing system, and computer program product for managing passwords. A computer system receives a notification from a website that indicates a password for the website needs to be changed. If the computer system determines the website is in a list of websites and a classification of the website matches one or more of a set of website classifications, a notification is sent to a password vault that indicates the password for the website needs to be changed. A set of passwords in the password vault is selected based upon the set of passwords meeting a policy for password management.01-10-2013
20130014238Deterministic User Authentication Service For Communication Network - A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network. Log-in attempts are recorded so that the identity and whereabouts of network users may be monitored from a network management station.01-10-2013
20130014237ONE TIME PASSWORD AUTHENTICATION OF WEBSITES - A method including generating a first and second One Time Password (OTP) token from a shared clock, receiving a third OTP token, and comparing the second and the third OTP tokens. A system including a number generator residing on a first server to generate first and second One Time Password (OTP) tokens from a shared clock, a transmitter residing on the first server to transmit the first and the second OTP tokens, a receiver residing on a second server to receive the first, the second, and a third OTP token, and a comparator residing on the second server to compare the second and the third OTP tokens to authenticate an identity of a party who generates the third OTP token.01-10-2013
20100132019REDUNDANT MULTIFACTOR AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM - A redundant multifactor identity authentication system provides users with a secure mechanism for providing identity information through the use of redundant independent identity providers in concert with each other so that resources are accessed only through a combination of providers. By eliminating reliance on a single provider, security is increased as is reliability. Similarly, redundant credentials can be provided to relying parties to ensure that the relying party receives proof of a credential without requiring a specific credential.05-27-2010
20120151563AUTOMATED MANAGEMENT OF SYSTEM CREDENTIALS - One disclosed aspect of the present invention includes authentication and user account automation within a compute cluster for each cluster node that requires password or other credential administration. For example, a storage appliance computing system may rely on a plurality of subsystems (such as databases, storage management software, and application servers) that each have internal user accounts with associated passwords and credential keys that need to be changed at frequent intervals. Rather than requiring an administrator to manually manage all of these accounts, the presently described invention includes techniques and an authentication manager component to automatically manage, update, and refresh authentication information as required. Further, the authentication manager component may be used to perform and propagate automatic credential changes such as new sets of SSH keys or updated passwords as required within a computing system, and respond to new nodes or out-of-sync credentialing scenarios.06-14-2012
20130019291SERVICE OPENING METHOD AND SYSTEM, AND SERVICE OPENING SERVER - Embodiments of the present invention relate to a service opening method and system, and a service opening server. The method includes: receiving a service request from a third-party application, where the service request carries type and parameter information of the requested service; querying, according to the type information of the service, a service directory to obtain an access address and authentication type information of the requested service; when it is determined that the invoking of the service needs an authorization of an end user, obtaining an authorization notification message of the end user according to the type information of the service and the parameter information of the service; and forwarding the service request to a capability server, and forwarding, to the third-party application, a service response message returned by the capability server. The control of the end user over the authorized service is ensured to the greatest extent.01-17-2013
20130019290SYSTEM AND METHODS FOR WEAK AUTHENTICATION DATA REINFORCEMENT - Systems and methods for weak authentication data reinforcement are described. In some embodiments, authentication data is received in a request to authenticate a user. In response to detecting weak authentication data, the systems and methods determine whether the user was previously authenticated as a human user. An example embodiment may include initiating an authentication process based on determining that the user was previously authenticated as a human user.01-17-2013
20110162054FIRMWARE AND METHOD FOR GENERATING ONE TIME PASSWORDS (OTPs) FOR APPLICATIONS - The invention describes a method, firmware, and computer program product for generating one or more One Time Passwords (OTPs) for one or more applications. The firmware embedded in a computational device receives one or more registration details corresponding to an application from a user. Thereafter, the firmware generates a Dynamic Information Number (DIN) based on at least one of the registration details and an application identifier (SIID). The user registers with the application with the DIN and at least one of the registration details. Further, the user may access the application using an OTP generated by the firmware based on the DIN and the application identifier.06-30-2011
20110162053SERVICE ASSISTED SECRET PROVISIONING - A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device.06-30-2011
20130024922VIRTUAL COMPUTER AND SERVICE - A virtual computer service includes receiving, at a network server computer over a network, an encrypted image and user credentials for a user of a computer, and storing the encrypted image and the user credentials in an image repository that is communicatively coupled to the network server computer. The virtual computer service also includes receiving a request to initiate a session, the request including the user credentials. Upon successful validation of the user credentials, the virtual computer service includes selecting the encrypted image from the image repository, decrypting the encrypted image, activating a session for a virtual computer associated with the computer, and synchronizing session details of the session, once completed, with the image and storing a synchronized image in the image repository.01-24-2013
20130024920VIRTUAL COMPUTER AND SERVICE - A virtual computer service includes receiving, at a network server computer over a network, an encrypted image and user credentials for a user of a computer, and storing the encrypted image and the user credentials in an image repository that is communicatively coupled to the network server computer. The virtual computer service also includes receiving a request to initiate a session, the request including the user credentials. Upon successful validation of the user credentials, the virtual computer service includes selecting the encrypted image from the image repository, decrypting the encrypted image, activating a session for a virtual computer associated with the computer, and synchronizing session details of the session, once completed, with the image and storing a synchronized image in the image repository.01-24-2013
20130024923METHOD FOR MUTUAL AUTHENTICATION OF A USER AND SERVICE PROVIDER - The present invention relates to a method and system for mutual authentication of a user and service provider, said method comprising acts of: authenticating an event by a key generation module (KGM), said event is generated on a computing device by a user, sending a shared secret of registered user for the event by an authentication server to the key generation module (KGM), generating one time key by the KGM for the event, transmitting the one time key by appending the shared secret to registered user mobile device, and performing at least one of: authenticating the user for said event by the KGM when a registered user enters the one-time key on the computing device within a predetermined time period, or terminating the event upon receipt of predefined key sequence from the mobile device.01-24-2013
20130024921SECURE ON-LINE SIGN-UP AND PROVISIONING FOR WI-FI HOTSPOTS USING A DEVICE-MANAGEMENT PROTOCOL - Embodiments of a mobile device and method for secure on-line sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, the mobile device may be configured to establish a transport-layer security (TLS) session with a sign-up server through a Wi-Fi Hotspot to receive a certificate of the sign-up server. When the certificate is validated, the mobile device may be configured to exchange device management messages with the sign-up server to sign-up for a Wi-Fi subscription and provisioning of credentials, and retrieve a subscription management object (MO) that includes a reference to the provisioned credentials for storage in a device management tree. The credentials are transferred/provisioned securely to the mobile device. In some embodiments, an OMA-DM protocol may be used. The provisioned credentials may include certificates in the case of certificate-based credentials, machine-generated credentials such as username/password credentials, or SIM-type credentials.01-24-2013
20130024919CLOUD SERVICE AUTHENTICATION - One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider.01-24-2013
20130024918METHODS AND SYSTEMS FOR AUTHENTICATING USERS OVER NETWORKS - A method for authenticating users over networks includes requesting a one-time password, entering a personal identification number into a communications device, and retrieving a replaceable shared secret stored in the communications device. Moreover, the method includes generating a hashed personal identification number from the entered personal identification number, combining the hashed personal identification number with the replaceable shared secret to generate a modified shared secret, and generating a one-time password with the modified shared secret and the time of requesting the one-time password.01-24-2013
20080250481Secure Web-Based User Authentication - Techniques for authenticating a user are described. In one implementation, a user requests access to protected information or resources by providing a user name and a password to a web server that controls access to the information or resources. If the user name and password match a known user profile, the web server retrieves a user identifier (e.g., a personal identification number) and constructs a translation table around the user identifier. The translation table includes the values that constitute the user identifier, random representations of each value, visual images that represent each value, and random image names for each visual image. The information in the translation table is then used to generate a user interface that allows the user to enter his or her user identifier via the user's computing device without exposing the actual user identifier values to the computing device.10-09-2008
20110247062ELECTRONIC TRANSACTION SECURITY SYSTEM - A system and method for generating a limited use login credential associated with an account maintained by an institution, where the credential facilitates secure access to the account.10-06-2011
20110247063Mutual Mobile Authentication Using a Key Management Center - A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity.10-06-2011
20130179951Methods And Apparatuses For Maintaining Secure Communication Between A Group Of Users In A Social Network - Embodiments address various methods and apparatuses that attempt to minimize the time that the security communication between group members may be at risk due to a user joining or leaving. For example, embodiments include methods of minimizing the time for which a joining member receives a secure commonly shared key and other embodiments include methods of minimizing the time that a user leaving the group has access to data shared within the group through updating the secure commonly shared key.07-11-2013
20130179952Refreshing group membership information for a user identifier associated with a security context - A method for selectively refreshing group membership for an identifier associated with an authenticated user. The identifier represents an application server security context, and it is generated to enable a user credential associated with the authenticated user to be persisted. Following such authentication, the client is provided with a time-bounded, renewable security token. The method begins by configuring an option whether group membership information is refreshed during renewal of an expired security token. During renewal of an expired security token, the method determines whether the option is set. If so, an attempt is made to refresh information. This attempt performs a set of checks to verify certain conditions. If these checks are valid, the identifier is refreshed and the security token renewed with updated group membership information. If any check is not valid, the identifier is refreshed and the security token renewed with existing information.07-11-2013
20130145445MECHANISM FOR FACILITATING DYNAMIC AND CONTINUOUS TESTING OF SECURITY ASSERTION MARKUP LANGUAGE CREDENTIALS IN AN ON-DEMAND SERVICES ENVIRONMENT - In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic and continuous testing of security assertion markup language (SAML) credentials in an on-demand services environment. In one embodiment and by way of example, a method includes identifying, at a computing device, an organization using a SAML process in an on-demand service environment, obtaining SAML credentials relating to the identified organization, and testing the SAML credentials relating to the identified organization. The testing includes asserting a set of test credentials against the SAML credentials relating to the identified organization. The method may further include generating one or more new codes based on testing results obtained from testing.06-06-2013
20130145446SYSTEMS AND METHODS FOR FAST AUTHENTICATION WITH A MOBILE DEVICE - A system for authenticating a user to a service includes a service, an authentication server and a device. The service includes first signal interface, first processing hardware and first user interface. The authentication server includes second signal interface and second processing hardware. First signal interface transmits a request to the authentication server to authenticate a user. Second processing hardware creates a session identifier and encodes it into a pictogram. Second signal interface transmits the pictogram to the service. The device includes third processing hardware that scans the pictogram and extracts the session identifier, and a third signal interface that transmits the credentials and the session identifier to the authentication server. Second processing hardware verifies the credentials, and second signal interface securely transmits the result of the authentication to the service.06-06-2013
20130145447CLOUD-BASED DATA BACKUP AND SYNC WITH SECURE LOCAL STORAGE OF ACCESS KEYS - Methods and systems are provided for secure online data access. In one embodiment, three levels of security are provided where user master passwords are not required at a server. A user device may register with a storage service and receive a user device key that is stored on the device and at the service. The user device key may be used to authenticate the user device with the storage service. As data in the storage service is encrypted with a master password, the data may be protected from disclosure. As a user master key or derivative thereof is not used in authentication, the data may be protected from a disclosure or breach of the authentication credentials. Encryption and decryption may thus be performed on the user device with a user master key that may not be disclosed externally from the user device.06-06-2013
20120254959IDENTITY MANAGEMENT ON A WIRELESS DEVICE - A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.10-04-2012
20120254958METHOD TO ACHIEVE COEXISTENCE OF MULTIPLE WIRELESS NETWORKS USING UNIQUE NETWORK IDENTIFIERS - The techniques of this disclosure generate a random network identifier to a network device to set up a wireless network. The generated random network identifier may be compared to network identifiers of other wireless networks within the range of the network device. If the generated network identifier matches any of the network identifiers within the range, a new random network identifier may be generated, until a generated network identifier does not match any of the network identifiers within the range. The network device may then assign the generated unique network identifier as the wireless network's network identifier and send the network identifier to all the devices that wish to join the wireless network.10-04-2012
20120254957User impersonation/delegation in a token-based authentication system - A “trusted service” establishes a trust relationship with an identity provider and interacts with the identity provider over a trusted connection. The trusted service acquires a token from the identity provider for a given user (or set of users) without having to present the user's credentials. The trusted service then uses this token (e.g., directly, by invoking an API, by acquiring another token, or the like) to access and obtain a cloud service on a user's behalf even in the user's absence. This approach enables background services to perform operations within a hosted session (e.g., via OAuth-based APIs) without presenting user credentials or even having the user present.10-04-2012
20130097681SECURE CACHING OF SERVER CREDENTIALS - A credential caching system includes receiving a set of authentication credentials, storing the set of authentication credentials in a credential cache memory, wherein the credential cache memory is coupled with a management controller, and supplying the set of authentication credentials for automatic authentication during a reset or reboot. In the event of a security breach, the credential caching system clears the set of authentication credentials from the credential cache memory so that the set of authentication credentials may no longer be used for a reset or reboot.04-18-2013
20130104207Method of Connecting a Mobile Station to a Communcations Network - A method of connecting a mobile station to a communications network is provided, and includes performing an authentication of the mobile station at the network. A secure identifier, generated at the mobile station, is received at a gateway node and at an access node from an authentication node of the network if it is determined by the authentication that the mobile station is a subscriber to the network. A first secure communications tunnel is established from the access node to the mobile station using a value of the secure identifier and a second secure communications tunnel is established from the access node to the gateway node of the network using the value of the secure identifier. The first and second communications tunnels are bound together to form a communications path between the mobile station and the network.04-25-2013
20130104206System and Method for Providing User Lifecycle Management and Service Orchestration of Multiple Media Services Across Multiple Display Screens - A system and method are provided for enabling personalization and service coordination of media services across multiple devices. The method comprises providing a first module to interface with information technology infrastructure and media services provided by an operator or third parties; and providing, using the first module, service orchestration and user lifecycle management components to enable authorized and personalized access to multiple network operator services across multiple devices and services.04-25-2013
20130104205ACCOUNT CREATING AND AUTHENTICATING METHOD - An account creating and authenticating method is provided. Firstly, an account is created according to a face image included in a photo. A password corresponding to the face image is also generated by a service system. During an account authenticating method, an image pickup device is used to shoot a face of a login person on the spot. If the service system judges that the shot face image of the login person on the spot complies with a predetermined face image corresponding to an existing account, the login person is allowed to log into the service system and the password is displayed. In a case that the image pickup device is not provided, the service system may be authenticated by inputting the password. The method of the present invention can simplify the process of creating and authenticating the account.04-25-2013
20130125223System And Method For Transparently Authenticating A User To A Digital Rights Management Entity - Various embodiments of a system and method for transparently authenticating a user to a digital rights management entity are described. In various embodiments, a digital rights management server may be configured to receive an authentication token from a first remote computer system. Such authentication token may indicate that a particular user of the first remote computer system was authenticated by a first content provider of one or more content providers. In various embodiments, the digital rights management server may also be configured to verify the authentication token by determining that one or more portions of the authentication token were generated based on respective authentication information issued to the first content provider. In various embodiments, the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials.05-16-2013
20130125222System and Method for Vetting Service Providers Within a Secure User Interface - A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The security component may send the address of the relying party to a reputation service and query the reputation service about the reputation of the relying party. The reputation service may return reputation information about the relying party. The security component may display an indication of the relying party's reputation. If the reputation information indicates the relying party is reputable, the security component will allow the network-enabled application to exchange information with the relying party. Otherwise, the component may not allow the network-enabled application to exchange data with the relying party.05-16-2013
20130125221System and Method for Secure Password-Based Authentication - Various embodiments of a system and method for secure password-based authentication are described. The system and method for secure password-based authentication may include an authentication component configured to request and receive authentication from an authenticating system according to a secure password-based authentication protocol. The authentication component may be configured to participate in an attack-resistant password-based authentication protocol such that an attacker who has compromised the authorizing system and/or a communication channel between the authentication component and the authenticating system may not determine a user's password and/or impersonate the user. In one embodiment, the authentication component may be configured to provide its attack-resistant password-based authentication functionality to an application (e.g., through a stand-alone application, plugin, or application extension). For instance, the authentication component may enable a web browser to participate in the attack-resistant password-based authentication protocol in order to access an online bank account from a web server.05-16-2013
20090013390Security Device And Method Incorporating Multiple Varying Password Generator - A two-varying-password generator having two varying passwords of different digit lengths and different time intervals is disclosed. A two-varying-password generator has a printed circuit board onto which a processor is soldered, a battery, a display window, an on/off key and a code key. The processor is loaded with two predetermined programs that can produce two passwords (or more than two passwords) of different digit length and different time interval. When the on/off key is pressed, the processor is activated and produces two passwords for the current time using the two predetermined programs loaded in the processor. The two passwords are functions of time, defined by the two predetermined programs respectively. Meanwhile, the host computer also stores these two programs in the customer's account. As the clocks of both the two-varying-password generator and the host computer run synchronously, both of them can produce two identical passwords at the same moment. Application of the two-varying-password generator can counter phishing sites, fight credit card forgery and unauthorized transactions, and tackle cloned ATM cards. The technique of the two-varying-password generator possesses an advantage over competitors' techniques: very low computation load for both the host computer and the two-varying-password generator. This means that the annual fee for each customer is so small that it can be neglected, and a two-varying-password generator can be made in a very slim size, as a button-size battery is enough to support its 5-year life span.01-08-2009
20080320571EMERGENCY RESPONDER CREDENTIALING SYSTEM AND METHOD - A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system provides trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, and licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.12-25-2008
20080320569METHODS, SYSTEMS, AND APPARATUS FOR STAGGERED RENEWAL PERIODS - An embodiment relates generally to receiving a plurality of security certificates for each user of a plurality of users and generating a random renewal period for a selected security certificate. The method also includes associating the random renewal period to the selected security certificate and providing the selected security certificate with the random renewal period to the respective user of the plurality of users.12-25-2008
20080201768Method For Managing A Large Number Of Passwords, Portable Apparatus And Certification Information Storing Device Using The Same, And Certification Information Management Method Using The Same - Disclosed herein are a password management apparatus and method, a certification information storage apparatus and a certification information management method. The password management method of accessing and managing desired passwords through a portable password management apparatus and a terminal on which a password management program is installed includes a first step of executing the password management program on the management terminal, a second step of receiving a first user authentication number from the management apparatus and comparing the first authentication number with a user authentication number previously stored in the management terminal, thereby authenticating whether a user is a legitimate user, and a third step of, only if the user is authenticated as a legitimate user, receiving a password list from the management apparatus and outputting the received password list onto a screen.08-21-2008
20080201767AUTHENTICATED CREDENTIAL-BASED MULTI-TENANT ACCESS TO A SERVICE - Associating a computing device with a group of other computing devices. A service receives a common credential from the computing device and associates the computing device with the other computing devices also associated with the common credential. The service generates a machine-specific credential for use by the computing device in subsequent communications with the service. The machine-specific credential is used to authenticate, identify, and group the computing device with the other computing devices in the subsequent communications.08-21-2008
20110225635NON-OBTRUSIVE SECURITY SYSTEM FOR DEVICES - A security system is provided that includes providing a device, storing a security rule for operation of the device when an event occurs, and implementing the security rule upon the occurrence of the event to allow non-obtrusive user access to the device.09-15-2011
20110239284ID BRIDGE SERVICE SYSTEM AND METHOD THEREOF - An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.09-29-2011
20130152180DEVICE USING SECURE PROCESSING ZONE TO ESTABLISH TRUST FOR DIGITAL RIGHTS MANAGEMENT - A DRM client on a device establishes trust with a DRM server for playback of digital content. The client executes in a secure execution environment, and the process includes (1) securely loading loader code from secure programmable memory and verifying it using a digital signature scheme and first key securely stored in the device; (2) by the verified loader code, loading DRM client code from the memory and verifying it using a digital signature scheme and second key included in the loader code; (3) by the verified DRM client code (a) obtaining a domain key from the memory; (b) encrypting the domain key with a device identifier using a DRM system key included in the DRM client code; and (c) sending the encrypted domain key and device identifier to the DRM server, whereby the device becomes registered to receive content licenses via secure communications encrypted using the domain key.06-13-2013
20130152178SECURE ENTERPRISE SERVICE DELIVERY - A device receives enterprise information associated with enterprises supported by a network, and determines enterprise identifiers for one or more enterprises identified in the enterprise information. The device also receives information associated with devices and subscribers of the network, and determines security key parameters based on the information associated with the devices and the subscribers of the network. The device further generates, based on the security key parameters, a security key for each of the enterprise identifiers.06-13-2013
20130152179SYSTEM AND METHOD FOR USER AUTHENTICATION USING ONE-TIME IDENTIFICATION - A system for user authentication using OTIDs (one-time identifications) includes a client terminal configured to generate n OTIDs which are used in the user authentication, and to sequentially select one of the generated n OTIDs to use the selected OTID as a user identification in each authentication session. Further, the system includes an authentication server configured to receive the generated n OTIDs from the client terminal and store them; when the one OTID selected from the n OTIDs and a secret key are transmitted, to look up the OTID in a DB (database); and to determine whether the secret key associated with the looked-up OTID and stored in the DB matches the received secret key, in order to perform the user authentication.06-13-2013
20100287603FLEXIBLE IDENTITY ISSUANCE SYSTEM - Techniques for implementing flexible identity issuance systems to allow users to specify one or more evaluation processes to be carried out by the issuance system based on input identity information. These evaluation processes may be specified in any suitable manner to allow an issuance system to carry out any process for generating output identity information for a content consumer. In some embodiments, an evaluation process may be specified to the issuance system as a series of tasks to be carried out, where each task corresponds to a condition and an action to be taken when the condition is met. In this way, an evaluation process may be simply and easily specified by what operations are to be carried out, rather than how the operations are to be carried out. An issuer may interpret the specification to determine a functional process for carrying out the tasks.11-11-2010
20100299733SYSTEM AND METHOD FOR DISTRIBUTING PERSONAL IDENTIFICATION NUMBERS OVER A COMPUTER NETWORK - The present invention comprises a system and method for managing an inventory of PINs in a PIN distribution network. The distribution network includes a hub coupled to one or more servers, and each of the servers is coupled to at least one client terminal. The system includes a hub for dynamically allocating PINs of the inventory among the servers so as to substantially maintain a quantity of PINs at each server at a desired level for each server. Additionally, the hub acquires additional PINs in response to at least one PIN in the inventory being distributed to at least one user from at least one of the client terminals. In variations, the hub maintains centralized databases and synchronizes the centralized databases with corresponding databases at each server.11-25-2010
20090055909DATA TRANSMITTING METHOD WITH MULTIPLE TOKEN MECHANISM IN WIRELESS TOKEN RING PROTOCOL - A data transmission method with multiple token mechanism in wireless token ring protocol is provided. First, (a) a logical ring with M nodes is provided; (b) a k-th node is selected from the logical ring, and a token in the k-th node is generated; (c) a first message is sent to a (k+1)-th node from the k-th node with the token, and whether the (k+1)-th node responds a second message is judged, if yes, the data to be transmitted is transmitted from the k-th node, otherwise, the token of the k-th node is eliminated; (d) the token is sent to the (k+1)-th node from the k-th node after completing the transmission of the transmitted data of the k-th node, a generation token sequence is generated in a i-th node, and sent to a (i−1)-th node; and (e) the token is generated for the (i−1)-th node with the generation token sequence.02-26-2009
20100319058METHOD USING ELECTRONIC CHIP FOR AUTHENTICATION AND CONFIGURING ONE TIME PASSWORD - A method using an electronic chip for authentication and configuring a one time password uses a one time password generated at a one time password service end to replace the personal identification number required in authenticating operations on an electronic chip (IC cards such as smart cards, hardware security modules (HSM), EMV chips, etc.). Before operating on the electronic chip, a request for the one time password is sent to the one time password service end; or the one time password with an access condition is applied for in advance and is used as a key to authenticate operations on the electronic chip. The method enhances the privacy of the password and provides an additional application method for improved confidentiality.12-16-2010
20120284784AIRBORNE PICO CELL SECURITY SYSTEM - Security is provided in a wireless communication system in a moving vehicle by requiring user input of one or more security codes for validation before the system permits communication. One code, a security access code, corresponds to the vehicle travel segment and is given to the passenger(s) in transit. The second type of code, a personal identification number (PIN), is given to the passenger after baggage check-in. The PIN code is correlated to the passenger and/or seat assignment. PIN use enables associated data systems to report the seat number or location of all parties engaging in wireless communications within the vehicle.11-08-2012
20120284783PASSWORD CHECK BY DECOMPOSING PASSWORD - A proposed password is decomposed into basic components to determine and score transitions between the basic components and create a password score that measures the strength of the proposed password based on rules, such as concatenation, insertion, and replacement. The proposed password is scored against all known words, such as when a user is first asked to create a password for an account or access. The proposed password can also be scored against one or more previous passwords for the user, such as when the user is asked to change the user's previous password, to determine similarity between the two passwords.11-08-2012
20120284782Method and system for facilitating secure electronic transactions - A computer-implemented method for securing data and facilitating transactions. The method includes the steps of collecting data from a sender party into a memory of a computer and generating an encrypted code representative of the sender party data stored in the memory of the computer. A graphic image representative of the encrypted code is generated in the computer and is provided from the computer to the sender party. The generated graphic image is then captured in an electronic device associated with a recipient party with which the sender party desires to perform a transaction, whereafter the generated graphic image, or the encrypted code it represents, is transmitted from the recipient party electronic device to the computer to perform the transaction with the sender party.11-08-2012
20120284781SYSTEM AND METHOD FOR USER FRIENDLY DETECTION OF SPAMMERS - A computer-implemented method is disclosed. The method involves: providing to a first client computing device a first instance of a first software program that includes a first secret ID value; receiving a first account creation request that includes the first secret ID value; associating the first account creation request with the first client computing device; and approving the first account creation request and creating a first account for the first client computing device if less than a first threshold of previous account creation requests that include the first secret ID value have been previously received, and a presumption that the first client computing device is a spammer does not apply; or denying the first account creation request if either the number of previously received account creation requests that include the first secret ID value is equal to or greater than the first threshold, or the presumption that the first client computing device is a spammer applies.11-08-2012
20120284780TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE - Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment.11-08-2012
20130185777Methods And Apparatus For Reliable And Privacy Protecting Identification Of Parties' Mutual Friends And Common Interests - Systems and techniques for authenticating joint friends of users of wireless devices. An authenticating authority delivers a token to a wireless device for each party identified as a friend of a user of the wireless device, such as through relationships in an online social network. Two wireless devices can use information relating to the tokens to determine information relating to joint friends of the users of the devices, such as the identities of joint friends or simply the numbers of joint friends. Tokens can be further refined to allow for analysis that provides information relating to the degree of intimacy of the relationship between a user and a party identified as a friend.07-18-2013
20130185778SYSTEM, METHOD AND PROGRAM FOR OFF-LINE TWO-FACTOR USER AUTHENTICATION - Provided is an off-line two-factor user authentication system with a reduced risk of leakage of authentication information. The two-factor user authentication system is designed to use, as a password, a one-time-password derivation rule to be applied to certain pattern elements included in a presentation pattern at specific positions so as to create a one-time password, and further use, as a second authentication factor, information identifying a client to be used by a user. A plurality of pattern seed values each adapted to uniquely specify a presentation pattern in combination with a client ID, and a plurality of verification codes corresponding to respective ones of the pattern seed values, are stored in an off-line two-factor authentication client. A presentation pattern is created based on a selected one of the pattern seed values and a client ID, and an entered one-time password is verified based on a verification code corresponding to the selected pattern seed value.07-18-2013
20130185780COMPUTER IMPLEMENTED METHOD AND SYSTEM FOR GENERATING A ONE TIME PASSWORD - This technology provides methods, non-transitory computer readable media and apparatuses that generate a One-Time Password (OTP) such that no hardware token is used. The technology uses functions and parameters generated by the server and transmitted to the client machine. The server generates a token for each session, cyclic groups G07-18-2013
20110289568ACCESS MANAGEMENT APPARATUS, COMMUNICATION TERMINAL, ACCESS MANAGEMENT METHOD, ACCESS METHOD, ACCESS MANAGEMENT PROGRAM, ACCESS PROGRAM, AND RECORDING MEDIUM - An access management apparatus manages access to a local network via a wide area network and includes an access information acquiring unit that acquires access information used in accessing the local network; an authenticating unit that performs an authentication process for a portable storage device; and a recording unit that stores the access information acquired by the access information acquiring unit to a storage device authenticated by the authenticating unit.11-24-2011
20110314527INTERNET PROTOCOL-BASED FILTERING DEVICE AND METHOD, AND LEGITIMATE USER IDENTIFYING DEVICE AND METHOD - Provided are an Internet Protocol (IP)-based filtering device and method and a legitimate user identifying device and method. The IP-based filtering method includes receiving packets from terminals, determining whether the packets are transmitted based on legitimate user IPs, transmitting the packets to a web server when it is determined that the packets are transmitted based on the legitimate user IPs, and determining whether a capacity capable of processing the packets exists in the web server when it is determined that the received packets are not the packets transmitted based on the legitimate user IPs, and transmitting the packets to the web server when it is determined that the capacity exists in the web server, and blocking the packets when the capacity does not exist.12-22-2011
20110314526SYSTEM AND METHOD FOR HANDLING PERSONAL IDENTIFICATION INFORMATION - A system, method, and client registration and verification device for handling personal identification information. The client device collects from an individual a sufficient amount of biometric information to uniquely identify the individual, as well as historical mobility information providing a history of locations where the individual has lived. A caching manager stores the collected biometric information at a selected cache node in a hierarchical database having a plurality of cache nodes at multiple levels of the database. The caching manager selects the cache node based on the historical mobility information collected from the individual. The client device sends subsequent requests to verify the identity of the individual to a local cache node, where newly input biometric information is compared with the cached information. When the individual's biometric information is not stored in the local cache node, the request is forwarded upward in the database until the cached information is found and compared.12-22-2011
20110321144SYSTEMS AND METHODS OF AUTHENTICATION IN A DISCONNECTED ENVIRONMENT - A communication system and method are disclosed for establishing a secure communication channel including: a server for generating and storing a first instance of a unique personalized client application associated with a first-time user on the server, a client terminal for the user to communicate with the server over a communication channel and a standalone computing device having a second instance of the unique personalized application. The user authenticates the server based on a first dynamic identifier (DI-12-29-2011
20110321143CONTENT PROTECTION USING AUTOMATICALLY SELECTABLE DISPLAY SURFACES - Embodiments of the invention are directed to systems and methods for protecting content by automatically identifying a display surface viewable only by authorized users and displaying protected content on the identified display surface. In one example embodiment, content is displayed on a first display surface in viewable range of a first user authorized to view the content. The entrance of a second user into viewable range of the first display surface is detected, and the second user is automatically determined to be unauthorized to view the content. A second display surface in viewable range of the first user but not viewable by the second user is automatically identified in response to detecting the entrance of the second, unauthorized user into viewable range of the first display surface. The display of the content is automatically moved from the first display surface to the second display surface to prevent the content from being viewed by the unauthorized user.12-29-2011
20130191895Recovery of Information from Commercial Web Portals - Novel tools and techniques for automated recovery of information from commercial web portals, including commercial web portals requiring credentials for access. In some instances images are captured and pushed to external processes for improving system performance. In some instances access to automated software agent remote control modules is balanced across a system comprising a plurality of processors hosting the automated software agent remote control modules. Some instances provide provisioning of credentials, in particular indicating credentials available for an unlimited or a select limited number of users and monitoring credential use of those credentials usable by a select number of users. Some instances provide cache management that optimizes retrieval of data by external processes and ensures reliability of such data to reduce unnecessary web portal inquiries.07-25-2013
20130191896AUTOMATIC PROVISIONING OF RESOURCES FOR MEETING COLLABORATION - A system for provisioning an output device may include a processor; a memory; and a records display program. The records display program may be executed by the processor to maintain an indication of availability dates and times of one or more output devices connected to the network; to receive an output device invitation indicating a first output device to reserve at a meeting conducted over a conferencing system; to determine whether the first output device is available for reservation during a date and time period of the meeting; and to communicate to the first output device activation information indicating that the first output device is to become active at a first predetermined date and time related to the date and time period of the meeting, and login information including a first credential for the first output device to use for logging into the conferencing system for the meeting.07-25-2013
20130191897Field Provisioning a Device to a Secure Enclave - This invention includes apparatus, systems, and methods to add a new device to a secure enclave without requiring the new device to enter close proximity to the security entity and protected area. A new device is able to gain access to the secure enclave by first obtaining a temporary credential from an existing device in the field. The new device presents the temporary credential to the security entity, which authenticates, provisions, and if appropriate fully associates the new device to the secure enclave. The invention also includes a process for creating and distributing the temporary credentials to existing devices in the field, including using secure connections to transmit electronic versions of the temporary credentials and methods to securely distribute physical copies of the credentials. This invention enables rapid deployment of new devices, or replenishment of lost or damaged devices in the field, without compromising the security of the device or the secure enclave. The invention also reduces the resources required, provides a solution that is available at any time, and reduces the technical skill required to add a device to a secure enclave.07-25-2013
20130191898IDENTITY VERIFICATION CREDENTIAL WITH CONTINUOUS VERIFICATION AND INTENTION-BASED AUTHENTICATION SYSTEMS AND METHODS - A system providing features for facilitating the authentication and verification of a consumer, facilitating and sharing trust between the consumer and third parties, and for continuously updating such information. The system can create an online identity credential based on verifying the identity of an individual subject. The system can include adding first, second, and third party information to the credential, analyzing the data in the credential to create metadata stored within the credential, continuously and periodically updating the elements and metadata of the identity credential, and for sharing selected data and metadata elements of the credential with second and third parties. The system can be used as a standalone identity credential or in support of biometric identity applications. The system can include rewards to encourage subjects to continuously verify their identity. The system can include a Knowledge-Based-Authentication based on intention analysis derived from second-party data, rather than factual third-party data.07-25-2013
20130191893System and Method for Ensuring Anonymity to Provide Self Help Guidance - User access to a help system is provided in an anonymous manner. A provider organization distributes pre-generated unique user access codes to potential users. The user access codes include a general information portion and a random portion. When accessing the system for the first time, the user enters their unique user access code, a username, and a password. The system associates the username with the password and with the user access code. Subsequently, the user logs into the system using the username and password. Data may be compiled and stored in association with the user access code for later retrieval and analysis to calculate statistics for provider organizations.07-25-2013
20130191900COMMUNICATION APPARATUS, REMINDER APPARATUS, AND INFORMATION RECORDING MEDIUM - Provided is a communication apparatus (07-25-2013
20130191894Integrating Server Applications with Multiple Authentication Providers - Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.07-25-2013
20120005732PERSON AUTHENTICATION SYSTEM AND PERSON AUTHENTICATION METHOD - A person authentication system includes: an authentication server storing biometric data for matching related to an anonymous ID of a user; a biometric sensor acquiring biometric data of the user; and a terminal acquiring an anonymous ID stored in an electronic storage medium and transmitting the anonymous ID to the authentication server together with the biometric data acquired by the biometric sensor, wherein the authentication server transmits data needed for an access to personal data stored in the electronic storage medium to the terminal when there is a correspondence to a predetermined extent between the biometric data acquired by the biometric sensor and biometric data for matching related to the anonymous ID.01-05-2012
20120005731HANDOVER METHOD OF MOBILE TERMINAL BETWEEN HETEROGENEOUS NETWORKS - A handover method of a mobile terminal between heterogeneous networks for facilitating the handover with pre-authentication procedure is provided. A handover method between heterogeneous networks includes receiving, at a mobile terminal connected to a source network, information on at least one target authenticator of a target network from a source authenticator in response to an attach request; creating an authentication key between the mobile terminal and the target authenticator selected among the at least one target authenticator through a pre-authentication process; determining, when the mobile terminal transmits a handover request to the selected target authenticator, whether the authentication key contained in the handover request matches with the authentication key stored in the selected target authenticator; and connecting, when the authentication keys match with each other, to the target network via the selected target authenticator.01-05-2012
20120023561ID AUTHENTICATION SYSTEM, ID AUTHENTICATION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING ID AUTHENTICATION PROGRAM - To prevent identification and tracking of a terminal across a plurality of service providers when a user uses a plurality of services. An ID authentication system according to the present invention is an ID authentication system including a terminal apparatus, a service providing apparatus, and an authentication server. A terminal apparatus 01-26-2012
20120030742METHODS AND APPARATUS FOR PROVIDING APPLICATION CREDENTIALS - Methods and apparatus for providing an application credential for an application running on a device. In one embodiment, a method provides an application credential to an application running on a device, wherein the application credential is used by the application to authenticate to a data server. The method comprises receiving a request to generate the application credential, wherein the request includes an application identifier. The method also comprises generating the application credential using the application identifier and a master credential associated with the device.02-02-2012
20120030741METHOD FOR TERMINAL CONFIGURATION AND MANAGEMENT AND TERMINAL DEVICE - A method for terminal configuration and management includes: acquiring a configuration file, where the configuration file includes server account information; configuring the server account information in the acquired configuration file onto a Device Management Tree (DMT) of a terminal; and, based on the server account information, establishing a management session between the terminal and the server, and performing management and subsequent configuration on the terminal during the session. A corresponding terminal device and a corresponding system are also provided. Through the method, the terminal can determine, according to protocol version information supported by the corresponding server and carried in a configuration packet, the protocol that should be used for communication with that server, and perform configuration according to the correct protocol version, thus improving operational efficiency.02-02-2012
20120030740AUTHENTICATION OF DEVICES OF A DISPERSED STORAGE NETWORK - A method begins by a first processing module generating a dispersed storage network (DSN) authentication request frame that includes authenticating data and an authenticating code, wherein the authenticating code references a valid authenticating process. The method continues with the first processing module transmitting the DSN authentication request frame to a second processing module. The method continues with the second processing module determining whether the second processing module includes the valid authentication process referenced by the authentication code. When the second processing module includes the valid authentication process, the second processing module processes the authenticating data in accordance with the valid authentication process to produce processed authenticating data. The method continues with the second processing module generating a DSN authentication response frame that includes the processed authenticating data and transmitting the DSN authentication response frame to the first processing module.02-02-2012
20120030739METHOD AND APPARATUS FOR SECURITY OF MEDIUM INDEPENDENT HANDOVER MESSAGE TRANSMISSION - A method and an apparatus for securing media independent handover message transportation are provided. The method for securing media independent handover message transportation includes: performing an authentication procedure by a terminal with an access router to generate a master session key; transmitting the generated master session key and address information of the terminal to an information server by the access router; generating, by the information server, an information server key to be used in transmitting and receiving messages with the terminal, using the received master session key and the address information of the terminal; and forming a secure channel between the terminal and the information server using the generated information server key. Since a key formed at layer 2 is reused in the MIH authentication step at layer 3, rather than creating a separate secure key, the security procedure may be performed rapidly.02-02-2012
20120030738DIGITAL MEDIA CONTROLLER AND METHOD FOR SHARING MEDIA DATA BETWEEN NETWORKS USING THE DIGITAL MEDIA CONTROLLER - A digital media controller (DMC) and a method for sharing media data include setting an account and a password. The method further includes, when a second DMC sends an input account and input password and logs on legitimately, searching for first shared media data in a first DMS, storing it into the shared folder, and informing the second DMC to obtain a list of the first shared media data from the shared folder. The method further includes sending the first shared media data as a stream packet to the second DLNA network, in response to the first DLNA network receiving, through a VPN, a request from the second DLNA network to access the first shared media data in the shared folder.02-02-2012
20130198825Method of Securing Access to Data or Services That Are Accessible Via A Device Implementing the Method and Corresponding Device - The invention allows securing access to data or services that are available to devices and applications via a device implementing the method. In order to secure the access to data or to one or more services that is/are accessed via a network device, the invention proposes a method that, among other things, avoids unauthorized access to the data or to the one or more services, and a device implementing the method.08-01-2013
20130198826AUTHENTICATE A FINGERPRINT IMAGE - A computing machine including a sensor to capture a fingerprint image from a user and generate a password in response to the user accessing the sensor, a component to create a package of the fingerprint image and the password, and a processor to authenticate the fingerprint image from the package before decrypting an encryption of the password if a request for the password has been received before a predefined time has elapsed.08-01-2013
20130198823Presenting Managed Security Credentials to Network Sites - Disclosed are various embodiments for providing managed security credentials to network sites for authentication. Multiple accounts of a user are maintained for multiple network sites. A secured resource of a network site is to be accessed by a computing device. One of the accounts is identified according to a domain name of the network site. The account is associated with a different network site having a different domain name from the domain name. The computing device is automatically authenticated with the network site using a security credential associated with the account.08-01-2013
20130198822Authentication Management Services - Disclosed are various embodiments for authentication management services, where authentication services of network sites may support authentication management clients associated with different authentication management services. An authentication request is obtained by way of an authentication protocol from an authentication management client executed in a client computing device. The authentication request specifies a security credential associated with a user account. The user account at the client computing device is authenticated for access to at least one secured resource of a network site in response to the authentication request and in response to the authentication management client being supported.08-01-2013
20130198824Recovery of Managed Security Credentials - Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid.08-01-2013
20120297465USER IDENTIFICATION METHOD APPLICABLE TO NETWORK TRANSACTION AND SYSTEM THEREOF - A user identification method and a system thereof are provided. A user device delivers a certificate packet with a user identification number to a certificate server, and receives a reply packet with a code from a password server. The user device uses the code to produce a user terminal identification code, and delivers an identification packet with the user terminal identification code to the certificate server. After having received the certificate packet, the certificate server delivers an inquiry packet with the user identification number to the password server, for the password server to inquire about the password and expiration time according to the user identification number. After having received the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine whether the user is allowed to proceed to the subsequent transaction.11-22-2012
20120066748METHOD AND APPARATUS FOR AUTHENTICATING ACCESS BY A SERVICE - An approach is presented for authenticating access by a service. A server receives a request from a service, wherein the request includes, at least in part, a service-specific secret or a derivation of the service-specific secret. Further, the server determines to generate a server-computed secret. Then, the server determines to authenticate the request based, at least in part, on a comparison of the service-specific secret or the derivation of the service-specific secret against the server-computed secret or a derivation of the server-computed secret.03-15-2012
20130205376SYSTEM AND METHOD FOR SECURING DISTRIBUTED EXPORTING MODELS IN A NETWORK ENVIRONMENT - A method is provided in one example implementation and includes identifying a plurality of exporters that are authorized to communicate data to a collector on behalf of a secure domain; generating secure credentials for the secure domain; communicating the secure credentials to the collector; and authenticating the exporters using the secure credentials. In more particular implementations, the method can include receiving the secure credentials; receiving certain data that includes identifying information, which further includes an Internet protocol (IP) address of a source associated with the certain data; accepting the certain data if the secure credentials validate the identifying information; and rejecting the certain data if the secure credentials do not validate the identifying information.08-08-2013
20120304262AUTOMATING CLOUD SERVICE RECONNECTIONS - Technologies are generally described for automatically reconnecting a security principal to cloud services through correlation of security principal identifier attributes. A new security principal for a user may be detected and automatically reconnected to the user's cloud based services. An administrator for the security domains may specify a value of a unique security principal metadata attribute for the original security principal in a customizable security principal metadata attribute in the new security principal in the same or new security domain. A secondary verification metadata attribute may optionally be specified to ensure the correct security principal is reconnected to the user's cloud based resources. The correlation between the original security principal for the user and the new security principal may be used to reconnect the user's cloud resources.11-29-2012
20130097680HIGH-DENSITY MULTI-TENANT DISTRIBUTED CACHE AS A SERVICE - A multi-tenant, elastically scalable cache as a service is disclosed. Embodiments of the cache service eliminate the need for applications to manage their own cache tier. The multi-tenant cache service is implemented by maintaining/creating multiple named caches in a cache cluster and mapping each tenant's cache to a named cache in the cluster. Strict quotas are enforced on cache sizes. This allows caches with different replication attributes to co-exist on the same cache server, allows migration of a cache from one cluster to another for load balancing purposes, and allows a cache to inflate/deflate to meet business needs. A network load balancer is used to route cache items to servers.04-18-2013
20120096526FLEXIBLE MODULES FOR VIDEO AUTHENTICATION AND SHARING - A method for managing video authentication and sharing includes storing a playlist of video clips in a storage device, allowing a manager to define a degree of privacy for the playlist by the computer system, defining roles for a plurality of users in relation to the video clips, creating user tokens for the plurality of users according to the respective roles of the users, receiving a user token over a computer network, authenticating the user token and the role of a user associated with the user token, deciding on whether the user has the right to access the playlist of video clips based on the role of the user and the degree of privacy defined for the playlist, and if it is determined that the user has the right to access the playlist, allowing the user to access the playlist of video clips over the computer network.04-19-2012
20120096525Supporting Compliance in a Cloud Environment - Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.04-19-2012
20130212656Dynamic PSK for Hotspots - Systems and methods for providing secured network access are provided. A user device located within range of a hotspot initiates a request sent via an open communication network associated with the hotspot. The request concerns secured network access at the hotspot by the user device. A unique pre-shared key is generated for the user device based on information in the received request and transmitted over the open communication network for display on a webpage accessible to the user device. The unique pre-shared key is stored in association with information regarding the user device. The user device may then use the unique pre-shared key in subsequent requests for secured network access.08-15-2013
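A per-device pre-shared key issuer matching the flow in the abstract (request over the open network, key generated from request information, key stored against the device, key checked on later access), as an added Python example that is not code from the patent application above. The request field (mac), the HMAC-based derivation, the key lifetime, the in-memory store and the lookup-style verify are assumptions made for illustration.

```python
"""Per-device dynamic pre-shared keys for a hotspot.

Added example; not code from the patent application listed above. The
request field (mac), the HMAC-based key derivation, the lifetime, the
in-memory store and the lookup-style verify are assumptions.
"""
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class PskRecord:
    psk: str
    mac: str
    issued_at: int
    expires_at: int


class DynamicPskIssuer:
    """Issues one PSK per client device and later checks it.

    The PSK is derived with HMAC over a server secret, the device identity
    taken from the request and a fresh nonce, so no two devices share a key
    and a leaked PSK does not reveal the server secret.
    """

    def __init__(self, server_secret: bytes, ttl_seconds: int = 24 * 3600):
        if len(server_secret) < 32:
            raise ValueError("server secret must be at least 32 bytes")
        self._secret = server_secret
        self._ttl = ttl_seconds
        self._records: dict[str, PskRecord] = {}   # keyed by normalised MAC

    @staticmethod
    def _norm_mac(mac: str) -> str:
        return mac.lower().replace("-", ":")

    def issue(self, request: dict, now: int) -> str:
        """Handle a request that arrived over the open network and return the
        PSK the portal page will display to that device."""
        mac = self._norm_mac(request["mac"])
        nonce = secrets.token_bytes(16)
        msg = b"dpsk-v1|" + mac.encode("ascii") + b"|" + nonce
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        # 20 bytes -> 32 base32 characters: within the 8..63 ASCII characters
        # WPA2 accepts for a passphrase, with no padding to type.
        psk = base64.b32encode(digest[:20]).decode("ascii")
        self._records[mac] = PskRecord(psk, mac, now, now + self._ttl)
        return psk

    def verify(self, mac: str, presented: str, now: int) -> bool:
        """Check a PSK presented by a device in a later access attempt."""
        rec = self._records.get(self._norm_mac(mac))
        if rec is None or now >= rec.expires_at:
            return False
        return hmac.compare_digest(rec.psk, presented)

    def revoke(self, mac: str) -> bool:
        return self._records.pop(self._norm_mac(mac), None) is not None


def demo() -> dict:
    """Issue keys to two constructed devices and exercise the checks."""
    issuer = DynamicPskIssuer(secrets.token_bytes(32), ttl_seconds=3600)
    t0 = 1_700_000_000
    psk_a = issuer.issue({"mac": "AA-BB-CC-11-22-33"}, now=t0)
    psk_b = issuer.issue({"mac": "aa:bb:cc:44:55:66"}, now=t0)
    return {
        "psk_len": len(psk_a),
        "distinct": psk_a != psk_b,
        "a_ok": issuer.verify("aa:bb:cc:11:22:33", psk_a, now=t0 + 60),
        "a_with_b_key": issuer.verify("aa:bb:cc:11:22:33", psk_b, now=t0 + 60),
        "a_expired": issuer.verify("aa:bb:cc:11:22:33", psk_a, now=t0 + 3600),
        "unknown_device": issuer.verify("aa:bb:cc:77:88:99", psk_a, now=t0 + 60),
        "revoked": issuer.revoke("AA:BB:CC:11:22:33")
        and not issuer.verify("aa:bb:cc:11:22:33", psk_a, now=t0 + 60),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats for a real deployment: an access point never sees the passphrase directly, it matches the client's WPA2 4-way handshake against the key stored for that device, so `verify` here stands in for that check; and because the request and the page showing the key travel over the open network, that portal page must be served over TLS or the freshly issued PSK is readable by anyone on the same hotspot.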
20130212657ELECTRONIC DEVICE AND METHOD FOR RESETTING UNLOCKING PASSWORD OF THE ELECTRONIC DEVICE - A computerized method resets an unlocking password of an electronic device. Verification information used for resetting a first unlocking password currently used for unlocking the electronic device, and a destination for receiving a second unlocking password in place of the first unlocking password are preset in the electronic device. A request message from a terminal device is monitored in real-time, and checked for the inclusion of the verification information. The second unlocking password is generated, the first unlocking password of the electronic device is replaced by the second unlocking password, and the second unlocking password is sent to the destination if the verification information is included in the request message.08-15-2013
20130212658SYSTEM FOR AUTOMATED PREVENTION OF FRAUD - A system for preventing fraud of a web service offered by a service provider at a website, which comprises:08-15-2013
20130212659TRUSTED CONNECTED VEHICLE SYSTEMS AND METHODS - This disclosure relates to systems and methods for facilitating a security and trust architecture in connected vehicles. In certain embodiments, a method for creating a trusted architecture in a connected vehicle may include generating a connected vehicle ecosystem map including information relating to a plurality of electronic control units and network connections included in the connected vehicle. Based on the vehicle ecosystem map, trusted relationships involving electronic control units may be identified. Trusted credentials may be generated and issued to electronic control units that meet one or more trust requirements. Using the trusted credentials, trusted communication within the connected vehicle may be achieved.08-15-2013
20130212661CREDENTIAL MANAGEMENT SYSTEM - A server may communicate with a mobile device and/or a reader device via an Internet connection. The server may be configured to generate a credential and transmit the credential to the mobile device. The mobile device may use the credential in an access control system, a payment system, a transit system, a vending system, or the like.08-15-2013
20130212660CREDENTIAL MANAGEMENT SYSTEM - A server may communicate with a mobile device and/or a reader device via an Internet connection. The server may be configured to generate a credential and transmit the credential to the mobile device. The mobile device may use the credential in an access control system, a payment system, a transit system, a vending system, or the like.08-15-2013